CVE-2013-4231

medium

Description

Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2450

http://rhn.redhat.com/errata/RHSA-2014-0223.html

http://secunia.com/advisories/54543

http://secunia.com/advisories/54628

http://www.asmail.be/msg0055359936.html

http://www.debian.org/security/2013/dsa-2744

http://www.openwall.com/lists/oss-security/2013/08/10/2

http://www.securityfocus.com/bid/61695

https://bugzilla.redhat.com/show_bug.cgi?id=995965

Details

Source: MITRE

Published: 2014-01-19

Updated: 2016-12-31

Type: CWE-119

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 92691 | OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093) | Nessus | OracleVM Local Security Checks | critical |
| 84010 | F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K16715) | Nessus | F5 Networks Local Security Checks | high |
| 80682 | Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4231_buffer_overflow) | Nessus | Solaris Local Security Checks | medium |
| 78308 | Amazon Linux AMI : libtiff (ALAS-2014-365) | Nessus | Amazon Linux Local Security Checks | medium |
| 75146 | openSUSE Security Update : tiff (openSUSE-SU-2013:1482-1) | Nessus | SuSE Local Security Checks | medium |
| 74397 | Fedora 20 : mingw-libtiff-4.0.3-4.fc20 (2014-6837) | Nessus | Fedora Local Security Checks | medium |
| 74395 | Fedora 19 : mingw-libtiff-4.0.3-4.fc19 (2014-6831) | Nessus | Fedora Local Security Checks | medium |
| 74385 | Fedora 19 : libtiff-4.0.3-10.fc19 (2014-6594) | Nessus | Fedora Local Security Checks | medium |
| 74231 | Fedora 20 : libtiff-4.0.3-15.fc20 (2014-6583) | Nessus | Fedora Local Security Checks | medium |
| 73902 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : tiff vulnerabilities (USN-2205-1) | Nessus | Ubuntu Local Security Checks | medium |
| 73061 | Amazon Linux AMI : libtiff (ALAS-2014-307) | Nessus | Amazon Linux Local Security Checks | high |
| 72739 | Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 (20140227) | Nessus | Scientific Linux Local Security Checks | high |
| 72738 | Scientific Linux Security Update : libtiff on SL5.x i386/x86_64 (20140227) | Nessus | Scientific Linux Local Security Checks | high |
| 72737 | RHEL 5 : libtiff (RHSA-2014:0223) | Nessus | Red Hat Local Security Checks | high |
| 72736 | RHEL 6 : libtiff (RHSA-2014:0222) | Nessus | Red Hat Local Security Checks | high |
| 72735 | Oracle Linux 5 : libtiff (ELSA-2014-0223) | Nessus | Oracle Linux Local Security Checks | high |
| 72734 | Oracle Linux 6 : libtiff (ELSA-2014-0222) | Nessus | Oracle Linux Local Security Checks | high |
| 72733 | CentOS 5 : libtiff (CESA-2014:0223) | Nessus | CentOS Local Security Checks | high |
| 72732 | CentOS 6 : libtiff (CESA-2014:0222) | Nessus | CentOS Local Security Checks | high |
| 72635 | GLSA-201402-21 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 70794 | SuSE 11.2 / 11.3 Security Update : libtiff (SAT Patch Numbers 8384 / 8385) | Nessus | SuSE Local Security Checks | medium |
| 70499 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01) | Nessus | Slackware Local Security Checks | high |
| 69484 | Debian DSA-2744-1 : tiff - several vulnerabilities | Nessus | Debian Local Security Checks | medium |
| 69467 | Mandriva Linux Security Advisory : libtiff (MDVSA-2013:219) | Nessus | Mandriva Local Security Checks | medium |
| 69394 | Fedora 18 : libtiff-4.0.3-8.fc18 (2013-14726) | Nessus | Fedora Local Security Checks | medium |
| 69393 | Fedora 19 : libtiff-4.0.3-8.fc19 (2013-14707) | Nessus | Fedora Local Security Checks | medium |