Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : tiff vulnerabilities (USN-2205-1)

Ubuntu Security Notice (C) 2014-2016 Canonical, Inc. / NASL script (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the gif2tiff tool. If a user or automated
system were tricked into opening a specially crafted GIF image, a
remote attacker could crash the application, leading to a denial of
service, or possibly execute arbitrary code with user privileges. This
issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2013-4231)

Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the tiff2pdf tool. If a user or automated
system were tricked into opening a specially crafted TIFF image, a
remote attacker could crash the application, leading to a denial of
service, or possibly execute arbitrary code with user privileges. This
issue only affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10
and Ubuntu 13.10. (CVE-2013-4232)

Murray McAllister discovered that LibTIFF incorrectly handled certain
malformed images when using the gif2tiff tool. If a user or automated
system were tricked into opening a specially crafted GIF image, a
remote attacker could crash the application, leading to a denial of
service, or possibly execute arbitrary code with user privileges.
(CVE-2013-4243)

Huzaifa Sidhpurwala discovered that LibTIFF incorrectly handled
certain malformed images when using the gif2tiff tool. If a user or
automated system were tricked into opening a specially crafted GIF
image, a remote attacker could crash the application, leading to a
denial of service, or possibly execute arbitrary code with user
privileges. This issue only affected Ubuntu 10.04 LTS, Ubunu 12.04
LTS, Ubuntu 12.10 and Ubuntu 13.10. (CVE-2013-4244).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected libtiff4 and / or libtiff5 packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Ubuntu Local Security Checks

Nessus Plugin ID: 73902 ()

Bugtraq ID: 61695
61849
62019
62082

CVE ID: CVE-2013-4231
CVE-2013-4232
CVE-2013-4243
CVE-2013-4244

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial