CVE-2013-4231: Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in tiff

Severity: 4.3 MEDIUM (NVD)
EPSS: 18.4% (top 4.76%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 19 (2014-01-19) · Latest update May 17 (2022-05-17)

Description

Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.

Practitioner note: the undisputed vector is (2), the LZW raster decoder in gif2tiff (Red Hat's advisory title below: "GIF LZW decoder missing datasize value check"). The decoder reads the LZW minimum code size byte from the GIF image data and derives its code-table indices from it without first checking that the value lies within the limits the format allows, so an oversized value pushes the first table insert past the end of the fixed-size tables. All three code paths are in the command-line conversion tools shipped with libtiff (tools/gif2tiff.c, tools/rgb2ycbcr.c), not in the library itself, so the exposure is to anyone running those tools on untrusted input; the fix is in libtiff 4.0.3.
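The check behind vector (2), as an added example that is not libtiff's code and not taken from the page: a minimal GIF LZW raster decoder in the style of the one in tools/gif2tiff.c, with the validation of the LZW minimum code size ("datasize") that the vulnerable decoder lacked. The function names, the assumption that the GIF sub-block framing has already been stripped, and the two-byte sample stream (constructed by hand: codes 4/clear, 1, 6, 1, 5/EOI packed LSB-first at 3,3,3,3,4 bits, decoding to four pixels of value 1) are all this example's own. The GIF limits it enforces are the format's (codes are at most 12 bits wide, so the tables hold 4096 entries; the minimum code size is 2..8 because pixels are at most 8 bits and 1-bit images must still declare 2); `first_free_code()` shows why trusting the byte is fatal: for a value of 12 or more the first dynamic entry, index `(1 << datasize) + 2`, is already past the end of a 4096-entry table.

```c
/* Added example, not libtiff's code: GIF LZW raster decoder with the
 * "datasize" check missing from the vulnerable gif2tiff decoder
 * (CVE-2013-4231). Sub-block framing is assumed to be stripped already. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_CODE_BITS 12                 /* GIF caps LZW code width at 12 bits */
#define TABLE_SIZE    (1 << MAX_CODE_BITS)
#define MIN_DATASIZE  2                  /* 1-bit images must still declare 2 */
#define MAX_DATASIZE  8                  /* GIF pixels are at most 8 bits */

/* Index of the first dynamic table entry for a given datasize. With a
 * 4096-entry table this is already out of bounds for datasize >= 12. */
int first_free_code(int datasize) { return (1 << datasize) + 2; }

/* The check the vulnerable decoder lacked: bound the byte read from the
 * file before any table index is derived from it. */
int datasize_is_valid(int datasize)
{
    return datasize >= MIN_DATASIZE && datasize <= MAX_DATASIZE;
}

/* Decodes LZW raster data into out. Returns the pixel count, or -1 on
 * malformed input: bad datasize, code not yet in the table, stream that
 * ends before EOI, or more pixels than the raster buffer can hold. */
int gif_lzw_decode(int datasize, const uint8_t *in, size_t inlen,
                   uint8_t *out, size_t outlen)
{
    short    prefix[TABLE_SIZE];
    uint8_t  suffix[TABLE_SIZE];
    uint8_t  stack[TABLE_SIZE];
    uint32_t datum = 0;                  /* bit buffer, LSB-first as in GIF */
    int      bits = 0, sp, code, incode;
    size_t   inpos = 0, outpos = 0;

    if (!datasize_is_valid(datasize))
        return -1;

    int clear = 1 << datasize, eoi = clear + 1;
    int codesize = datasize + 1, avail = clear + 2;
    int oldcode = -1, firstchar = 0;

    for (;;) {
        while (bits < codesize) {        /* refill the bit buffer */
            if (inpos >= inlen)
                return -1;               /* data ran out before EOI */
            datum |= (uint32_t)in[inpos++] << bits;
            bits += 8;
        }
        code = datum & ((1 << codesize) - 1);
        datum >>= codesize;
        bits -= codesize;

        if (code == clear) {             /* reset the table */
            codesize = datasize + 1;
            avail = clear + 2;
            oldcode = -1;
            continue;
        }
        if (code == eoi)
            break;
        if (code > avail || (code == avail && oldcode < 0))
            return -1;                   /* refers to an entry that does not exist */

        incode = code;
        sp = 0;
        if (code == avail) {             /* KwKwK case: string(old) + its first char */
            stack[sp++] = (uint8_t)firstchar;
            code = oldcode;
        }
        while (code > eoi) {             /* walk the prefix chain back to a literal */
            if (sp >= TABLE_SIZE)
                return -1;               /* cannot happen (prefixes decrease), kept as a guard */
            stack[sp++] = suffix[code];
            code = prefix[code];
        }
        firstchar = code;
        stack[sp++] = (uint8_t)code;

        if (outpos + (size_t)sp > outlen)
            return -1;                   /* would overrun the raster buffer */
        while (sp > 0)
            out[outpos++] = stack[--sp];

        if (oldcode >= 0 && avail < TABLE_SIZE) {   /* add string(old) + firstchar */
            prefix[avail] = (short)oldcode;
            suffix[avail] = (uint8_t)firstchar;
            avail++;
            if (avail == (1 << codesize) && codesize < MAX_CODE_BITS)
                codesize++;
        }
        oldcode = incode;
    }
    return (int)outpos;
}

/* Constructed sample (not from any real file): datasize 2, codes 4 1 6 1 5. */
static const uint8_t SAMPLE_LZW[] = { 0x8C, 0x53 };

int main(void)
{
    uint8_t px[4];
    int n = gif_lzw_decode(2, SAMPLE_LZW, sizeof SAMPLE_LZW, px, sizeof px);
    printf("decoded %d pixels: %d %d %d %d\n", n, px[0], px[1], px[2], px[3]);
    printf("datasize 13 rejected: %s\n",
           gif_lzw_decode(13, SAMPLE_LZW, sizeof SAMPLE_LZW, px, sizeof px) < 0 ? "yes" : "no");
    printf("first table index for datasize 12: %d (table holds %d)\n",
           first_free_code(12), TABLE_SIZE);
    return 0;
}
```

The decoder also bounds the two other places a crafted GIF can reach: a code that refers to a not-yet-created table entry is rejected instead of being used as an index, and the raster write is checked against the caller's buffer size rather than against the image dimensions the file claims.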

CVSS vector

CVSS v2: AV:N/AC:M/Au:N/C:N/I:N/A:P (Exploitability subscore: 8.6 | Impact subscore: 2.9)

Affected Packages (2 packages)

  Source   Package            Affected versions
  NVD      libtiff/libtiff    4.0.2 (+2)
  Debian   debian/tiff        < tiff 4.0.3-2 (bookworm)

🔴 Vulnerability Details (3)

  GHSA   GHSA-4qfr-3jpc-g89j: Multiple buffer overflows in libtiff before 4...   2022-05-17
  OSV    tiff vulnerabilities                                                    2014-05-06
  OSV    CVE-2013-4231: Multiple buffer overflows in libtiff before 4...         2014-01-19

📋 Vendor Advisories (3)

  Ubuntu    LibTIFF vulnerabilities                                                                                   2014-05-06
  Red Hat   (gif2tiff): GIF LZW decoder missing datasize value check                                                 2013-08-01
  Debian    CVE-2013-4231: tiff - Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to caus...   2013

💬 Community (3)

  Bugzilla   CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 mingw-libtiff various flaws [fedora-all]   2013-08-14
  Bugzilla   CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all]         2013-08-14
  Bugzilla   CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check                      2013-08-12