6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.035 Low
EPSS
Percentile
91.5%
Package : tiff
Version : 3.9.4-5+squeeze11
CVE ID : CVE-2013-4243
Debian Bug : #742917
Murray McAllister discovered a heap-based buffer overflow in the gif2tiff
command line tool. Executing gif2tiff on a malicious tiff image could
result in arbitrary code execution.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | amd64 | libtiff5 | < 4.0.2-6+deb7u3 | libtiff5_4.0.2-6+deb7u3_amd64.deb |
Debian | 7 | sparc | libtiff5 | < 4.0.2-6+deb7u3 | libtiff5_4.0.2-6+deb7u3_sparc.deb |
Debian | 7 | armel | libtiff-opengl | < 4.0.2-6+deb7u3 | libtiff-opengl_4.0.2-6+deb7u3_armel.deb |
Debian | 7 | i386 | libtiff5-dev | < 4.0.2-6+deb7u3 | libtiff5-dev_4.0.2-6+deb7u3_i386.deb |
Debian | 7 | i386 | libtiff5 | < 4.0.2-6+deb7u3 | libtiff5_4.0.2-6+deb7u3_i386.deb |
Debian | 7 | amd64 | libtiff5-alt-dev | < 4.0.2-6+deb7u3 | libtiff5-alt-dev_4.0.2-6+deb7u3_amd64.deb |
Debian | 7 | i386 | libtiff-tools | < 4.0.2-6+deb7u3 | libtiff-tools_4.0.2-6+deb7u3_i386.deb |
Debian | 6 | i386 | libtiff4 | < 3.9.4-5+squeeze11 | libtiff4_3.9.4-5+squeeze11_i386.deb |
Debian | 7 | kfreebsd-i386 | libtiff5 | < 4.0.2-6+deb7u3 | libtiff5_4.0.2-6+deb7u3_kfreebsd-i386.deb |
Debian | 6 | amd64 | libtiff-tools | < 3.9.4-5+squeeze11 | libtiff-tools_3.9.4-5+squeeze11_amd64.deb |