CVE-2013-4231

2014-01-1900:00:00

ubuntu.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.049 Low

EPSS

Percentile

92.7%

JSON

Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to
cause a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a
long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3
are disputed by Red Hat, which states that the input cannot exceed the
allocated buffer size.

Bugs

Notes

Author	Note
jdstrand	tiff3 does not build tiff-tools

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchtiff< 3.9.2-2ubuntu0.14UNKNOWN
ubuntu12.04noarchtiff< 3.9.5-2ubuntu1.6UNKNOWN
ubuntu12.10noarchtiff< 4.0.2-1ubuntu2.3UNKNOWN
ubuntu13.10noarchtiff< 4.0.2-4ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	tiff	< 3.9.2-2ubuntu0.14	UNKNOWN
ubuntu	12.04	noarch	tiff	< 3.9.5-2ubuntu1.6	UNKNOWN
ubuntu	12.10	noarch	tiff	< 4.0.2-1ubuntu2.3	UNKNOWN
ubuntu	13.10	noarch	tiff	< 4.0.2-4ubuntu3.1	UNKNOWN