Mandriva Linux Security Advisory : libtiff (MDVSA-2013:219)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated libtiff packages fix security vulnerabilities :

Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool
to convert RGB color, greyscale, or bi-level TIFF images to YCbCr
images, and multiple buffer overflow flaws in gif2tiff, a tool to
convert GIF images to TIFF. A remote attacker could provide a
specially crafted TIFF or GIF file that, when processed by rgb2ycbcr
and gif2tiff respectively, would cause the tool to crash or,
potentially, execute arbitrary code with the privileges of the user
running the tool (CVE-2013-4231).

Pedro Ribeiro discovered a use-after-free flaw in the
t2p_readwrite_pdf_image() function in tiff2pdf, a tool for
converting a TIFF image to a PDF document. A remote attacker could
provide a specially crafted TIFF file that, when processed by
tiff2pdf, would cause tiff2pdf to crash or, potentially, execute
arbitrary code with the privileges of the user running tiff2pdf
(CVE-2013-4232).

See also :

http://advisories.mageia.org/MGASA-2013-0258.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 69467

Bugtraq ID: 61695, 61849

CVE ID: CVE-2013-4231, CVE-2013-4232
