LibTIFF vulnerabilities

2014-05-0600:00:00

ubuntu.com

9.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.049 Low

EPSS

Percentile

92.7%

JSON

Releases

Ubuntu 14.04 ESM
Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04

Packages

tiff - Tag Image File Format (TIFF) library

Details

Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the gif2tiff tool. If a user or automated
system were tricked into opening a specially crafted GIF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privileges. This issue only
affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2013-4231)

Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the tiff2pdf tool. If a user or automated
system were tricked into opening a specially crafted TIFF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privileges. This issue only
affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2013-4232)

Murray McAllister discovered that LibTIFF incorrectly handled certain
malformed images when using the gif2tiff tool. If a user or automated
system were tricked into opening a specially crafted GIF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privileges. (CVE-2013-4243)

Huzaifa Sidhpurwala discovered that LibTIFF incorrectly handled certain
malformed images when using the gif2tiff tool. If a user or automated
system were tricked into opening a specially crafted GIF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privileges. This issue only
affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2013-4244)

OSVersionArchitecturePackageVersionFilename
Ubuntu14.04noarchlibtiff5< 4.0.3-7ubuntu0.1UNKNOWN
Ubuntu14.04noarchlibtiff-opengl< 4.0.3-7ubuntu0.1UNKNOWN
Ubuntu14.04noarchlibtiff-tools< 4.0.3-7ubuntu0.1UNKNOWN
Ubuntu14.04noarchlibtiff4-dev< 4.0.3-7ubuntu0.1UNKNOWN
Ubuntu14.04noarchlibtiff5-alt-dev< 4.0.3-7ubuntu0.1UNKNOWN
Ubuntu14.04noarchlibtiff5-dev< 4.0.3-7ubuntu0.1UNKNOWN
Ubuntu14.04noarchlibtiffxx5< 4.0.3-7ubuntu0.1UNKNOWN
Ubuntu13.10noarchlibtiff5< 4.0.2-4ubuntu3.1UNKNOWN
Ubuntu13.10noarchlibtiff-opengl< 4.0.2-4ubuntu3.1UNKNOWN
Ubuntu13.10noarchlibtiff-tools< 4.0.2-4ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.04	noarch	libtiff5	< 4.0.3-7ubuntu0.1	UNKNOWN
Ubuntu	14.04	noarch	libtiff-opengl	< 4.0.3-7ubuntu0.1	UNKNOWN
Ubuntu	14.04	noarch	libtiff-tools	< 4.0.3-7ubuntu0.1	UNKNOWN
Ubuntu	14.04	noarch	libtiff4-dev	< 4.0.3-7ubuntu0.1	UNKNOWN
Ubuntu	14.04	noarch	libtiff5-alt-dev	< 4.0.3-7ubuntu0.1	UNKNOWN
Ubuntu	14.04	noarch	libtiff5-dev	< 4.0.3-7ubuntu0.1	UNKNOWN
Ubuntu	14.04	noarch	libtiffxx5	< 4.0.3-7ubuntu0.1	UNKNOWN
Ubuntu	13.10	noarch	libtiff5	< 4.0.2-4ubuntu3.1	UNKNOWN
Ubuntu	13.10	noarch	libtiff-opengl	< 4.0.2-4ubuntu3.1	UNKNOWN
Ubuntu	13.10	noarch	libtiff-tools	< 4.0.2-4ubuntu3.1	UNKNOWN