CVE-2013-4243

Published: 10/09/2013 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and previous versions allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.

Vulnerable Product

libtiff libtiff

libtiff libtiff 3.4

libtiff libtiff 3.5.1

libtiff libtiff 3.5.2

libtiff libtiff 3.5.3

libtiff libtiff 3.5.4

libtiff libtiff 3.5.5

libtiff libtiff 3.5.6

libtiff libtiff 3.5.7

libtiff libtiff 3.6.0

libtiff libtiff 3.6.1

libtiff libtiff 3.7.0

libtiff libtiff 3.7.1

libtiff libtiff 3.7.2

libtiff libtiff 3.7.3

libtiff libtiff 3.7.4

libtiff libtiff 3.8.0

libtiff libtiff 3.8.1

libtiff libtiff 3.8.2

libtiff libtiff 3.9

libtiff libtiff 3.9.0

libtiff libtiff 3.9.1

libtiff libtiff 3.9.2

libtiff libtiff 3.9.2-5.2.1

libtiff libtiff 3.9.3

libtiff libtiff 3.9.4

libtiff libtiff 3.9.5

libtiff libtiff 4.0

libtiff libtiff 4.0.1

libtiff libtiff 4.0.2

debian debian_linux 6.0

debian debian_linux 7.0

Vendor Advisories

Debian Bug report logs - #742917 tiff: CVE-2013-4243. Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Fri, 28 Mar 2014 22:42:02 UTC; Severity: important; Tags: security; Found in version tiff/3.9.4-5; Fixed in versions tiff/ ...
LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution. For the stable distribution (wheezy), this problem has been fixed in version 4.0.2-6+deb7u3. For the testing distribution (jessie), this problem will be fixed soon. For t ...
A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code. (CVE-2013-1960, CVE-2013-4232) Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could us ...
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a deni ...
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image ...