CVE-2013-1961
published 2013-07-03CVE-2013-1961: Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service…
PriorityP340critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
5.91%
92.3th percentile
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.0.2-6+nmu1 (bookworm) | tiff 4.0.2-6+nmu1 (bookworm) |
| remotesensing | libtiff | <= 4.0.3 | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
| remotesensing | libtiff | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2013-05-21
CVE-2013-1960 LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
Emmanuel Bouillon discovered that LibTIFF incorrectly handled certain
malformed images when using the tiff2pdf tool. If a user or automated
system were tricked into opening a specially crafted TIFF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
(tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
vendor_redhat·2013-05-02·CVSS 9.3
CVE-2013-1961 [CRITICAL] CWE-121 (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
(tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
Debian
CVE-2013-1961: tiff - Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in li...
vendor_debian·2013·CVSS 9.3
CVE-2013-1961 [CRITICAL] CVE-2013-1961: tiff - Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in li...
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
Scope: local
bookworm: resolved (fixed in 4.0.2-6+nmu1)
bullseye: resolved (fixed in 4.0.2-6+nmu1)
forky: resolved (fixed in 4.0.2-6+nmu1)
sid: resolved (fixed in 4.0.2-6+nmu1)
trixie: resolved (fixed in 4.0.2-6+nmu1)
GHSA
GHSA-7q9j-26p4-98cm: Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4
ghsa_unreviewed·2022-05-17
CVE-2013-1961 [HIGH] CWE-119 GHSA-7q9j-26p4-98cm: Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
OSV
CVE-2013-1961: Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4
osv·2013-07-03·CVSS 9.3
CVE-2013-1961 [CRITICAL] CVE-2013-1961: Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4
Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
bugzilla·2013-08-12·CVSS 4.3
CVE-2013-4231 [MEDIUM] CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted TIFF or GIF file that, when processed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool.
References:
http://www.asmail.be/msg0055359936.html
http://www.openwall.com/lists/oss-security/2013/08/08/6
Discussion:
Analysis:
This flaw bug consists of 4 buffer-overflow flaws:
(more details at http://www.asmail.be/msg0055359936.htm
Bugzilla
CVE-2013-1961 CVE-2013-1960 mingw-libtiff various flaws [fedora-all]
bugzilla·2013-05-02·CVSS 9.3
CVE-2013-1961 [CRITICAL] CVE-2013-1961 CVE-2013-1960 mingw-libtiff various flaws [fedora-all]
CVE-2013-1961 CVE-2013-1960 mingw-libtiff various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects mult
Bugzilla
CVE-2013-1961 CVE-2013-1960 libtiff various flaws [fedora-all]
bugzilla·2013-05-02·CVSS 9.3
CVE-2013-1961 [CRITICAL] CVE-2013-1961 CVE-2013-1960 libtiff various flaws [fedora-all]
CVE-2013-1961 CVE-2013-1960 libtiff various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple s
Bugzilla
CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
bugzilla·2013-04-15·CVSS 9.3
CVE-2013-1961 [CRITICAL] CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
A stack-based buffer overflow was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash.
Acknowledgements:
Red Hat would like to thank Emmanuel Bouillon (NCI Agency) for reporting this issue.
Discussion:
Here is the affected code (in tiff2pdf.c):
4148 buflen=sprintf
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00058.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00080.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0223.htmlhttp://seclists.org/oss-sec/2013/q2/254http://secunia.com/advisories/53237http://secunia.com/advisories/53765http://www.debian.org/security/2013/dsa-2698http://www.securityfocus.com/bid/59607https://bugzilla.redhat.com/show_bug.cgi?id=952131http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00058.htmlhttp://lists.opensuse.org/opensuse-updates/2013-06/msg00080.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0223.htmlhttp://seclists.org/oss-sec/2013/q2/254http://secunia.com/advisories/53237http://secunia.com/advisories/53765http://www.debian.org/security/2013/dsa-2698http://www.securityfocus.com/bid/59607https://bugzilla.redhat.com/show_bug.cgi?id=952131
2013-07-03
Published