CVE-2013-4231

Published: 19/01/2014 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Multiple buffer overflows in libtiff prior to 4.0.3 allow remote malicious users to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.

Vulnerable Product

libtiff libtiff 4.0

libtiff libtiff 4.0.1

libtiff libtiff

Vendor Advisories

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Bug report logs - #742917 tiff: CVE-2013-4243. Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Fri, 28 Mar 2014 22:42:02 UTC; Severity: important; Tags: security; Found in version tiff/3.9.4-5; Fixed in versions tiff/ ...
Debian Bug report logs - #719303 tiff: CVE-2013-4231 CVE-2013-4232. Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 10 Aug 2013 13:27:02 UTC; Severity: important; Tags: security, upstream; Fixed in versions tiff/4.0.3-2, ti ...
A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2013-1960, CVE-2013-4232). Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could us ...
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a deni ...
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the i ...