Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Enterprise Linux
Remotesensing
  • Libtiff

Configuration 1 [-]

OR cpe:2.3:a:remotesensing:libtiff:*:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta18:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta24:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta28:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta29:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta31:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta32:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta34:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta35:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta36:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.4:beta37:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.6:beta:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha2:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha3:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha4:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.5.7:beta:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.6.0:beta:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.6.0:beta2:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.0:alpha:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.0:beta:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.0:beta2:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.8.2:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.9.0:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.9.0:beta:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.9.1:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.9.2:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.9.3:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:3.9.4:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:remotesensing:libtiff:4.0.2:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
libtiff-0:3.8.2-19.el5_10 cpe:/o:redhat:enterprise_linux:5 RHSA-2014:0223 2014-02-27T00:00:00Z
Red Hat Enterprise Linux 6
libtiff-0:3.9.4-10.el6_5 cpe:/o:redhat:enterprise_linux:6 RHSA-2014:0222 2014-02-27T00:00:00Z
References
Link Providers
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2014-0223.html cve-icon cve-icon
http://seclists.org/oss-sec/2013/q2/254 cve-icon cve-icon
http://secunia.com/advisories/53237 cve-icon cve-icon
http://secunia.com/advisories/53765 cve-icon cve-icon
http://www.debian.org/security/2013/dsa-2698 cve-icon cve-icon
http://www.securityfocus.com/bid/59609 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=952158 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2013-1960 cve-icon
https://www.cve.org/CVERecord?id=CVE-2013-1960 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2013-07-03T18:00:00

Updated: 2024-08-06T15:20:37.413Z

Reserved: 2013-02-19T00:00:00

Link: CVE-2013-1960

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2013-07-03T18:55:00.870

Modified: 2024-11-21T01:50:45.210

Link: CVE-2013-1960

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-05-02T00:00:00Z

Links: CVE-2013-1960 - Bugzilla