PT-2013-1166 · Libtiff+5 · Libtiff+5

Murray Mcallister

Published

2013-09-10

Updated

2024-06-15

CVE-2013-4243

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions libtiff versions 3.9.4 and earlier libtiff versions 4.0.3 and earlier

Description The issue is related to multiple vulnerabilities in the libtiff package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A heap-based buffer overflow in the readgifimage function in the gif2tiff tool allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted height and width values in a GIF image.

Recommendations For libtiff versions 3.9.4 and earlier, update to a version later than 3.9.4 to resolve the issue. For libtiff versions 4.0.3 and earlier, update to a version later than 4.0.3 to resolve the issue. As a temporary workaround, consider disabling the readgifimage function in the gif2tiff tool until a patch is available. Restrict access to the gif2tiff tool to minimize the risk of exploitation.

Fix

DoS

Buffer Overflow

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-20

Related Identifiers

ALT-PU-2019-1628

BDU:2015-06338

BDU:2015-06339

BDU:2015-06340

BDU:2015-06344

BDU:2015-06345

BDU:2015-08609

BDU:2015-08610

BDU:2015-08611

BDU:2015-08612

BDU:2015-09010

CESA-2014_0222

CVE-2013-4243

DLA-0013-1

DSA-2965-1

MGASA-2013-0291

OPENSUSE-SU-2024:10554-1

RHSA-2014:0222

RHSA-2014:0223

RHSA-2014_0222

RHSA-2014_0223

USN-2205-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libtiff

PT-2013-1166 · Libtiff+5 · Libtiff+5

CVE-2013-4243

Weakness Enumeration

Related Identifiers

Affected Products

References · 193