CVE-2013-4231

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 4.0.3 libtiff-debuginfo versions 3.8.2 and 3.9.4 libtiff-static version 3.9.4 libtiff-devel version 3.9.4 tiff versions prior to 4.0.3-r6

Description The issue involves multiple vulnerabilities in the libtiff package, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service due to out-of-bounds write. The exploitation can occur through crafted images, including GIF images with malicious extension blocks or long filenames for TIFF images.

Recommendations For libtiff versions prior to 4.0.3, update to version 4.0.3 or later. For libtiff-debuginfo versions 3.8.2 and 3.9.4, update to a version that includes the fix for this issue. For libtiff-static version 3.9.4, update to a version that includes the fix for this issue. For libtiff-devel version 3.9.4, update to a version that includes the fix for this issue. For tiff versions prior to 4.0.3-r6, update to version 4.0.3-r6 or later. As a temporary workaround, consider restricting access to tools that utilize the libtiff package until a patch is available.