CVE-2013-1960 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

9.3CRITICALNVD

EPSS

4.5%

top 10.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Remotesensing Libtiff

Timeline

PublishedJul 3

Latest updateMay 17

Description

Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDremotesensing/libtiff4.0.3+26

▶debiandebian/tiff< tiff 4.0.2-6+nmu1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-vqhx-4gwh-xx5q: Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4↗2022-05-17

▶

OSV

CVE-2013-1960: Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4↗2013-07-03

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2013-05-21

▶

Red Hat

(tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()↗2013-05-02

▶

Debian

CVE-2013-1960: tiff - Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in...↗2013

▶

💬Community

Bugzilla

CVE-2013-1961 CVE-2013-1960 mingw-libtiff various flaws [fedora-all]↗2013-05-02

▶

Bugzilla

CVE-2013-1961 CVE-2013-1960 libtiff various flaws [fedora-all]↗2013-05-02

▶

Bugzilla

CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()↗2013-04-15

▶