CVE-2013-4243

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugzilla.maptools.org/show_bug.cgi?id=2451	Patch
http://rhn.redhat.com/errata/RHSA-2014-0223.html
http://secunia.com/advisories/54543	Vendor Advisory
http://secunia.com/advisories/54628	Vendor Advisory
http://www.debian.org/security/2013/dsa-2744
http://www.securityfocus.com/bid/62082
https://bugzilla.redhat.com/show_bug.cgi?id=996052	Patch
https://security.gentoo.org/glsa/201701-16

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:libtiff:libtiff::::::::
	cpe:2.3:a:libtiff:libtiff:3.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.4:beta18::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta24::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta28::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta29::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta31::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta32::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta34::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta35::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta36::::::
	cpe:2.3:a:libtiff:libtiff:3.4:beta37::::::
	cpe:2.3:a:libtiff:libtiff:3.5.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.3:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.5:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.6:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.6:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4::::::
	cpe:2.3:a:libtiff:libtiff:3.5.7:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.6.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.6.0:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.6.0:beta2::::::
	cpe:2.3:a:libtiff:libtiff:3.6.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.0:alpha::::::
	cpe:2.3:a:libtiff:libtiff:3.7.0:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.7.0:beta2::::::
	cpe:2.3:a:libtiff:libtiff:3.7.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.3:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.8.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.0:beta::::::
	cpe:2.3:a:libtiff:libtiff:3.9.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.3:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.9.5:::::::*
	cpe:2.3:a:libtiff:libtiff:4.0:::::::*
	cpe:2.3:a:libtiff:libtiff:4.0:alpha::::::
	cpe:2.3:a:libtiff:libtiff:4.0:beta1::::::
	cpe:2.3:a:libtiff:libtiff:4.0:beta2::::::
	cpe:2.3:a:libtiff:libtiff:4.0:beta3::::::
	cpe:2.3:a:libtiff:libtiff:4.0:beta4::::::
	cpe:2.3:a:libtiff:libtiff:4.0:beta5::::::
	cpe:2.3:a:libtiff:libtiff:4.0:beta6::::::
	cpe:2.3:a:libtiff:libtiff:4.0.1:::::::*
	cpe:2.3:a:libtiff:libtiff:4.0.2:::::::*

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

History

No history.

Information

Published : 2013-09-10 19:55

Updated : 2024-02-04 18:16

NVD link : CVE-2013-4243

Mitre link : CVE-2013-4243

CVE.ORG link : CVE-2013-4243

JSON object : View

Products Affected

debian

debian_linux

libtiff

libtiff

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.8 /10