CVE-2013-4232

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 4.0.3 libtiff-debuginfo versions 3.8.2 and 3.9.4 libtiff-static versions 3.8.2 and 3.9.4 libtiff-devel versions 3.8.2 and 3.9.4

Description The issue is related to multiple vulnerabilities in the libtiff package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, a use-after-free vulnerability in the t2p readwrite pdf image function in tools/tiff2pdf.c allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted TIFF image.

Recommendations For libtiff versions prior to 4.0.3, update to version 4.0.3 or later. For libtiff-debuginfo versions 3.8.2 and 3.9.4, update to a version that includes the fix for this issue. For libtiff-static versions 3.8.2 and 3.9.4, update to a version that includes the fix for this issue. For libtiff-devel versions 3.8.2 and 3.9.4, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the t2p readwrite pdf image function until a patch is available.