6.8

CVE-2013-4243

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version <= 4.0.3
LibtiffLibtiff Version3.4
LibtiffLibtiff Version3.4 Updatebeta18
LibtiffLibtiff Version3.4 Updatebeta24
LibtiffLibtiff Version3.4 Updatebeta28
LibtiffLibtiff Version3.4 Updatebeta29
LibtiffLibtiff Version3.4 Updatebeta31
LibtiffLibtiff Version3.4 Updatebeta32
LibtiffLibtiff Version3.4 Updatebeta34
LibtiffLibtiff Version3.4 Updatebeta35
LibtiffLibtiff Version3.4 Updatebeta36
LibtiffLibtiff Version3.4 Updatebeta37
LibtiffLibtiff Version3.5.1
LibtiffLibtiff Version3.5.2
LibtiffLibtiff Version3.5.3
LibtiffLibtiff Version3.5.4
LibtiffLibtiff Version3.5.5
LibtiffLibtiff Version3.5.6
LibtiffLibtiff Version3.5.6 Updatebeta
LibtiffLibtiff Version3.5.7
LibtiffLibtiff Version3.5.7 Updatealpha
LibtiffLibtiff Version3.5.7 Updatealpha2
LibtiffLibtiff Version3.5.7 Updatealpha3
LibtiffLibtiff Version3.5.7 Updatealpha4
LibtiffLibtiff Version3.5.7 Updatebeta
LibtiffLibtiff Version3.6.0
LibtiffLibtiff Version3.6.0 Updatebeta
LibtiffLibtiff Version3.6.0 Updatebeta2
LibtiffLibtiff Version3.6.1
LibtiffLibtiff Version3.7.0
LibtiffLibtiff Version3.7.0 Updatealpha
LibtiffLibtiff Version3.7.0 Updatebeta
LibtiffLibtiff Version3.7.0 Updatebeta2
LibtiffLibtiff Version3.7.1
LibtiffLibtiff Version3.7.2
LibtiffLibtiff Version3.7.3
LibtiffLibtiff Version3.7.4
LibtiffLibtiff Version3.8.0
LibtiffLibtiff Version3.8.1
LibtiffLibtiff Version3.8.2
LibtiffLibtiff Version3.9
LibtiffLibtiff Version3.9.0
LibtiffLibtiff Version3.9.0 Updatebeta
LibtiffLibtiff Version3.9.1
LibtiffLibtiff Version3.9.2
LibtiffLibtiff Version3.9.2-5.2.1
LibtiffLibtiff Version3.9.3
LibtiffLibtiff Version3.9.4
LibtiffLibtiff Version3.9.5
LibtiffLibtiff Version4.0
LibtiffLibtiff Version4.0 Updatealpha
LibtiffLibtiff Version4.0 Updatebeta1
LibtiffLibtiff Version4.0 Updatebeta2
LibtiffLibtiff Version4.0 Updatebeta3
LibtiffLibtiff Version4.0 Updatebeta4
LibtiffLibtiff Version4.0 Updatebeta5
LibtiffLibtiff Version4.0 Updatebeta6
LibtiffLibtiff Version4.0.1
LibtiffLibtiff Version4.0.2
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.81% 0.939
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://rhn.redhat.com/errata/RHSA-2014-0223.html
http://secunia.com/advisories/54543
Vendor Advisory
http://secunia.com/advisories/54628
Vendor Advisory
http://www.debian.org/security/2013/dsa-2744
http://bugzilla.maptools.org/show_bug.cgi?id=2451
Patch
http://www.securityfocus.com/bid/62082
https://bugzilla.redhat.com/show_bug.cgi?id=996052
Patch
https://security.gentoo.org/glsa/201701-16