Updated libtiff package fixes security vulnerability

2013-09-2501:43:52

Gentoo Foundation

advisories.mageia.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.035 Low

EPSS

Percentile

91.5%

JSON

A possible heap-based buffer overflow flaw was found in the readgifimage function in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code with the privileges of the user running gif2tiff (CVE-2013-4243).

OSVersionArchitecturePackageVersionFilename
Mageia2noarchlibtiff< 4.0.1-2.9libtiff-4.0.1-2.9.mga2
Mageia3noarchlibtiff< 4.0.3-4.3libtiff-4.0.3-4.3.mga3