PT-2013-1166 · Libtiff+5 · Libtiff+5

Murray Mcallister

Publicado

2013-09-10

Atualizado

2024-06-15

CVE-2013-4243

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libtiff versions 3.9.4 and earlier libtiff versions 4.0.3 and earlier

Description The issue is related to multiple vulnerabilities in the libtiff package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A heap-based buffer overflow in the readgifimage function in the gif2tiff tool allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted height and width values in a GIF image.

Recommendations For libtiff versions 3.9.4 and earlier, update to a version later than 3.9.4 to resolve the issue. For libtiff versions 4.0.3 and earlier, update to a version later than 4.0.3 to resolve the issue. As a temporary workaround, consider disabling the readgifimage function in the gif2tiff tool until a patch is available. Restrict access to the gif2tiff tool to minimize the risk of exploitation.

Correção

DoS

Buffer Overflow

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-20

Identificadores relacionados

ALT-PU-2019-1628

BDU:2015-06338

BDU:2015-06339

BDU:2015-06340

BDU:2015-06344

BDU:2015-06345

BDU:2015-08609

BDU:2015-08610

BDU:2015-08611

BDU:2015-08612

BDU:2015-09010

CESA-2014_0222

CVE-2013-4243

DLA-0013-1

DSA-2965-1

MGASA-2013-0291

OPENSUSE-SU-2024:10554-1

RHSA-2014:0222

RHSA-2014:0223

RHSA-2014_0222

RHSA-2014_0223

USN-2205-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libtiff

PT-2013-1166 · Libtiff+5 · Libtiff+5

CVE-2013-4243

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 193