CVE-2013-4243

medium

Description

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2451

http://rhn.redhat.com/errata/RHSA-2014-0223.html

http://secunia.com/advisories/54543

http://secunia.com/advisories/54628

http://www.debian.org/security/2013/dsa-2744

http://www.securityfocus.com/bid/62082

https://bugzilla.redhat.com/show_bug.cgi?id=996052

https://security.gentoo.org/glsa/201701-16

Details

Source: MITRE

Published: 2013-09-10

Updated: 2017-07-01

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124940 | EulerOS Virtualization 3.0.1.0 : libtiff (EulerOS-SA-2019-1437) | Nessus | Huawei Local Security Checks | high |
| 96373 | GLSA-201701-16 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 92691 | OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093) | Nessus | OracleVM Local Security Checks | critical |
| 84010 | F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K16715) | Nessus | F5 Networks Local Security Checks | high |
| 80684 | Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4243_buffer_errors) | Nessus | Solaris Local Security Checks | medium |
| 78308 | Amazon Linux AMI : libtiff (ALAS-2014-365) | Nessus | Amazon Linux Local Security Checks | medium |
| 76172 | Debian DSA-2965-1 : tiff - security update | Nessus | Debian Local Security Checks | medium |
| 75146 | openSUSE Security Update : tiff (openSUSE-SU-2013:1482-1) | Nessus | SuSE Local Security Checks | medium |
| 74397 | Fedora 20 : mingw-libtiff-4.0.3-4.fc20 (2014-6837) | Nessus | Fedora Local Security Checks | medium |
| 74395 | Fedora 19 : mingw-libtiff-4.0.3-4.fc19 (2014-6831) | Nessus | Fedora Local Security Checks | medium |
| 74385 | Fedora 19 : libtiff-4.0.3-10.fc19 (2014-6594) | Nessus | Fedora Local Security Checks | medium |
| 74231 | Fedora 20 : libtiff-4.0.3-15.fc20 (2014-6583) | Nessus | Fedora Local Security Checks | medium |
| 73902 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : tiff vulnerabilities (USN-2205-1) | Nessus | Ubuntu Local Security Checks | medium |
| 73061 | Amazon Linux AMI : libtiff (ALAS-2014-307) | Nessus | Amazon Linux Local Security Checks | high |
| 72739 | Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 (20140227) | Nessus | Scientific Linux Local Security Checks | high |
| 72738 | Scientific Linux Security Update : libtiff on SL5.x i386/x86_64 (20140227) | Nessus | Scientific Linux Local Security Checks | high |
| 72737 | RHEL 5 : libtiff (RHSA-2014:0223) | Nessus | Red Hat Local Security Checks | high |
| 72736 | RHEL 6 : libtiff (RHSA-2014:0222) | Nessus | Red Hat Local Security Checks | high |
| 72735 | Oracle Linux 5 : libtiff (ELSA-2014-0223) | Nessus | Oracle Linux Local Security Checks | high |
| 72734 | Oracle Linux 6 : libtiff (ELSA-2014-0222) | Nessus | Oracle Linux Local Security Checks | high |
| 72733 | CentOS 5 : libtiff (CESA-2014:0223) | Nessus | CentOS Local Security Checks | high |
| 72732 | CentOS 6 : libtiff (CESA-2014:0222) | Nessus | CentOS Local Security Checks | high |
| 70794 | SuSE 11.2 / 11.3 Security Update : libtiff (SAT Patch Numbers 8384 / 8385) | Nessus | SuSE Local Security Checks | medium |