CVE-2013-4244

Published: 28/09/2013 Updated: 13/02/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and previous versions allows context-dependent malicious users to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

Vulnerable Product

libtiff libtiff 3.4

libtiff libtiff 3.7.0

libtiff libtiff 4.0

libtiff libtiff 3.6.0

libtiff libtiff 3.6.1

libtiff libtiff 3.8.0

libtiff libtiff

libtiff libtiff 3.7.3

libtiff libtiff 3.8.1

libtiff libtiff 3.9.5

libtiff libtiff 3.9.3

libtiff libtiff 3.5.7

libtiff libtiff 3.8.2

libtiff libtiff 3.7.2

libtiff libtiff 3.9.2-5.2.1

libtiff libtiff 3.5.3

libtiff libtiff 3.7.1

libtiff libtiff 3.5.4

libtiff libtiff 3.5.2

libtiff libtiff 4.0.1

libtiff libtiff 4.0.2

libtiff libtiff 3.9.2

libtiff libtiff 3.7.4

libtiff libtiff 3.9.4

libtiff libtiff 3.5.5

libtiff libtiff 3.9.0

libtiff libtiff 3.5.6

libtiff libtiff 3.5.1

libtiff libtiff 3.9.1

libtiff libtiff 3.9

Vendor Advisories

LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file ...
Debian Bug report logs - #742917 tiff: CVE-2013-4243. Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Michael Gilbert <mgilbert@debian.org>; Date: Fri, 28 Mar 2014 22:42:02 UTC; Severity: important; Tags: security; Found in version tiff/3.9.4-5; Fixed in versions tiff/ ...
Debian Bug report logs - #719303 tiff: CVE-2013-4231 CVE-2013-4232. Package: tiff; Maintainer for tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 10 Aug 2013 13:27:02 UTC; Severity: important; Tags: security, upstream; Fixed in versions tiff/4.0.3-2, ti ...
A heap-based buffer overflow and a use-after-free flaw were found in the tiff2pdf tool. An attacker could use these flaws to create a specially crafted TIFF file that would cause tiff2pdf to crash or, possibly, execute arbitrary code (CVE-2013-1960, CVE-2013-4232). Multiple buffer overflow flaws were found in the gif2tiff tool. An attacker could us ...
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image. The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a deni ...
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image ...