MEDIUM
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
http://bugzilla.maptools.org/show_bug.cgi?id=2452
http://rhn.redhat.com/errata/RHSA-2014-0223.html
https://bugzilla.redhat.com/show_bug.cgi?id=996468
https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833
OR
cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 4.0.3 (inclusive)
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124940 | EulerOS Virtualization 3.0.1.0 : libtiff (EulerOS-SA-2019-1437) | Nessus | Huawei Local Security Checks | high |
| 92691 | OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093) | Nessus | OracleVM Local Security Checks | high |
| 84010 | F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K16715) | Nessus | F5 Networks Local Security Checks | high |
| 80684 | Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4243_buffer_errors) | Nessus | Solaris Local Security Checks | medium |
| 78308 | Amazon Linux AMI : libtiff (ALAS-2014-365) | Nessus | Amazon Linux Local Security Checks | medium |
| 75146 | openSUSE Security Update : tiff (openSUSE-SU-2013:1482-1) | Nessus | SuSE Local Security Checks | medium |
| 74397 | Fedora 20 : mingw-libtiff-4.0.3-4.fc20 (2014-6837) | Nessus | Fedora Local Security Checks | medium |
| 74395 | Fedora 19 : mingw-libtiff-4.0.3-4.fc19 (2014-6831) | Nessus | Fedora Local Security Checks | medium |
| 74385 | Fedora 19 : libtiff-4.0.3-10.fc19 (2014-6594) | Nessus | Fedora Local Security Checks | medium |
| 74231 | Fedora 20 : libtiff-4.0.3-15.fc20 (2014-6583) | Nessus | Fedora Local Security Checks | medium |
| 73902 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : tiff vulnerabilities (USN-2205-1) | Nessus | Ubuntu Local Security Checks | medium |
| 73061 | Amazon Linux AMI : libtiff (ALAS-2014-307) | Nessus | Amazon Linux Local Security Checks | high |
| 72739 | Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 72738 | Scientific Linux Security Update : libtiff on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 72737 | RHEL 5 : libtiff (RHSA-2014:0223) | Nessus | Red Hat Local Security Checks | high |
| 72736 | RHEL 6 : libtiff (RHSA-2014:0222) | Nessus | Red Hat Local Security Checks | high |
| 72735 | Oracle Linux 5 : libtiff (ELSA-2014-0223) | Nessus | Oracle Linux Local Security Checks | high |
| 72734 | Oracle Linux 6 : libtiff (ELSA-2014-0222) | Nessus | Oracle Linux Local Security Checks | high |
| 72733 | CentOS 5 : libtiff (CESA-2014:0223) | Nessus | CentOS Local Security Checks | high |
| 72732 | CentOS 6 : libtiff (CESA-2014:0222) | Nessus | CentOS Local Security Checks | high |
| 72635 | GLSA-201402-21 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 70794 | SuSE 11.2 / 11.3 Security Update : libtiff (SAT Patch Numbers 8384 / 8385) | Nessus | SuSE Local Security Checks | medium |
| 70499 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01) | Nessus | Slackware Local Security Checks | high |
| 69961 | Fedora 18 : libtiff-4.0.3-9.fc18 (2013-15673) | Nessus | Fedora Local Security Checks | medium |
| 69805 | Fedora 19 : libtiff-4.0.3-9.fc19 (2013-15679) | Nessus | Fedora Local Security Checks | medium |
| 69548 | Mandriva Linux Security Advisory : libtiff (MDVSA-2013:224) | Nessus | Mandriva Local Security Checks | medium |
| 69484 | Debian DSA-2744-1 : tiff - several vulnerabilities | Nessus | Debian Local Security Checks | medium |