PT-2013-1163 · Libtiff+4

Emmanuel Bouillon · Published 2013-05-02 · Updated 2024-06-15 · CVE-2013-1961

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libtiff versions prior to 4.0.3

Description

The issue covers multiple vulnerabilities in the libtiff package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. One specific vulnerability is a stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3, which allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.

Recommendations

For versions prior to 4.0.3, update to version 4.0.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the t2p_write_pdf_page function in tiff2pdf until a patch is available. Avoid processing TIFF image files that may have been crafted to exploit the buffer overflow until the issue is resolved. At the moment, there is no information about additional mitigation measures.

Fix

DoS

Buffer Overflow

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1628
BDU:2015-06338
BDU:2015-06339
BDU:2015-06340
BDU:2015-06344
BDU:2015-06345
BDU:2015-08609
BDU:2015-08610
BDU:2015-08611
BDU:2015-08612
BDU:2015-09010
BDU:2015-09718
CESA-2014_0222
CVE-2013-1961
DLA-610-1
DSA-2698-1
OPENSUSE-SU-2024:10554-1
RHSA-2014:0222
RHSA-2014:0223
RHSA-2014_0222
RHSA-2014_0223
USN-1832-1

Affected Products

ALT Linux
CentOS
Red Hat
SUSE
Libtiff