CVE-2013-1960

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 4.0.3 libtiff-debuginfo versions 3.8.2, 3.9.4 libtiff-static versions 3.9.4 libtiff-devel versions 3.9.4

Description The issue involves multiple vulnerabilities in the libtiff package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, potentially causing a denial of service or allowing the execution of arbitrary code via a crafted TIFF image file. The t2p process jpeg strip function in tiff2pdf is specifically affected by a heap-based buffer overflow.

Recommendations For libtiff versions prior to 4.0.3, update to version 4.0.3 or later. For libtiff-debuginfo versions 3.8.2, 3.9.4, update to a version that is not affected by the vulnerability. For libtiff-static versions 3.9.4, update to a version that is not affected by the vulnerability. For libtiff-devel versions 3.9.4, update to a version that is not affected by the vulnerability. As a temporary workaround, consider disabling the t2p process jpeg strip function in tiff2pdf until a patch is available.