CVE-2013-4244

medium

Description

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2452

http://rhn.redhat.com/errata/RHSA-2014-0223.html

https://bugzilla.redhat.com/show_bug.cgi?id=996468

https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833

Details

Source: MITRE

Published: 2013-09-28

Updated: 2014-03-06

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:* versions up to 4.0.3 (inclusive)

Tenable Plugins

ID | Name | Product | Family | Severity
124940 | EulerOS Virtualization 3.0.1.0 : libtiff (EulerOS-SA-2019-1437) | Nessus | Huawei Local Security Checks | high
92691 | OracleVM 3.3 / 3.4 : libtiff (OVMSA-2016-0093) | Nessus | OracleVM Local Security Checks | critical
84010 | F5 Networks BIG-IP : Multiple LibTIFF vulnerabilities (K16715) | Nessus | F5 Networks Local Security Checks | high
80684 | Oracle Solaris Third-Party Patch Update : libtiff (cve_2013_4243_buffer_errors) | Nessus | Solaris Local Security Checks | medium
78308 | Amazon Linux AMI : libtiff (ALAS-2014-365) | Nessus | Amazon Linux Local Security Checks | medium
75146 | openSUSE Security Update : tiff (openSUSE-SU-2013:1482-1) | Nessus | SuSE Local Security Checks | medium
74397 | Fedora 20 : mingw-libtiff-4.0.3-4.fc20 (2014-6837) | Nessus | Fedora Local Security Checks | medium
74395 | Fedora 19 : mingw-libtiff-4.0.3-4.fc19 (2014-6831) | Nessus | Fedora Local Security Checks | medium
74385 | Fedora 19 : libtiff-4.0.3-10.fc19 (2014-6594) | Nessus | Fedora Local Security Checks | medium
74231 | Fedora 20 : libtiff-4.0.3-15.fc20 (2014-6583) | Nessus | Fedora Local Security Checks | medium
73902 | Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 / 14.04 LTS : tiff vulnerabilities (USN-2205-1) | Nessus | Ubuntu Local Security Checks | medium
73061 | Amazon Linux AMI : libtiff (ALAS-2014-307) | Nessus | Amazon Linux Local Security Checks | high
72739 | Scientific Linux Security Update : libtiff on SL6.x i386/x86_64 (20140227) | Nessus | Scientific Linux Local Security Checks | high
72738 | Scientific Linux Security Update : libtiff on SL5.x i386/x86_64 (20140227) | Nessus | Scientific Linux Local Security Checks | high
72737 | RHEL 5 : libtiff (RHSA-2014:0223) | Nessus | Red Hat Local Security Checks | high
72736 | RHEL 6 : libtiff (RHSA-2014:0222) | Nessus | Red Hat Local Security Checks | high
72735 | Oracle Linux 5 : libtiff (ELSA-2014-0223) | Nessus | Oracle Linux Local Security Checks | high
72734 | Oracle Linux 6 : libtiff (ELSA-2014-0222) | Nessus | Oracle Linux Local Security Checks | high
72733 | CentOS 5 : libtiff (CESA-2014:0223) | Nessus | CentOS Local Security Checks | high
72732 | CentOS 6 : libtiff (CESA-2014:0222) | Nessus | CentOS Local Security Checks | high
72635 | GLSA-201402-21 : libTIFF: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
70794 | SuSE 11.2 / 11.3 Security Update : libtiff (SAT Patch Numbers 8384 / 8385) | Nessus | SuSE Local Security Checks | medium
70499 | Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : libtiff (SSA:2013-290-01) | Nessus | Slackware Local Security Checks | high
69961 | Fedora 18 : libtiff-4.0.3-9.fc18 (2013-15673) | Nessus | Fedora Local Security Checks | medium
69805 | Fedora 19 : libtiff-4.0.3-9.fc19 (2013-15679) | Nessus | Fedora Local Security Checks | medium
69548 | Mandriva Linux Security Advisory : libtiff (MDVSA-2013:224) | Nessus | Mandriva Local Security Checks | medium
69484 | Debian DSA-2744-1 : tiff - several vulnerabilities | Nessus | Debian Local Security Checks | medium