GoogleOSV:DSA-2698-1tiff - buffer overflow
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.044 Low
EPSS
Percentile
91.2%
Multiple issues were discovered in the TIFF tools, a set of utilities for
TIFF image file manipulation and conversion.
- CVE-2013-1960
Emmanuel Bouillon discovered a heap-based buffer overflow in the
tp_process_jpeg_strip function in the tiff2pdf tool. This could
potentially lead to a crash or arbitrary code execution. - CVE-2013-1961
Emmanuel Bouillon discovered many stack-based buffer overflows in
the TIFF tools. These issues could potentially lead to a crash or
arbitrary code execution.
For the oldstable distribution (squeeze), these problems have been fixed in
version 3.9.4-5+squeeze9.
For the stable distribution (wheezy), these problems have been fixed in
version 4.0.2-6+deb7u1.
For the testing distribution (jessie), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in
version 4.0.2-6+nmu1.
We recommend that you upgrade your tiff packages.
References
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.044 Low
EPSS
Percentile
91.2%