CVE-2013-4231
published 2014-01-19CVE-2013-4231: Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block…
PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
7.40%
93.7th percentile
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 4.0.3-2 (bookworm) | tiff 4.0.3-2 (bookworm) |
| libtiff | libtiff | <= 4.0.2 | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
vendor_ubuntu4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
LibTIFF vulnerabilities
vendor_ubuntu·2014-05-06·CVSS 4.3
CVE-2013-4231 [MEDIUM] LibTIFF vulnerabilities
Title: LibTIFF vulnerabilities
Summary: LibTIFF could be made to crash or run programs as your login if it opened a
specially crafted file.
Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the gif2tiff tool. If a user or automated
system were tricked into opening a specially crafted GIF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privileges. This issue only
affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2013-4231)
Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the tiff2pdf tool. If a user or automated
system were tricked into opening a specially crafted TIFF image, a remote
atta
Red Hat
(gif2tiff): GIF LZW decoder missing datasize value check
vendor_redhat·2013-08-01·CVSS 4.3
CVE-2013-4231 [MEDIUM] (gif2tiff): GIF LZW decoder missing datasize value check
(gif2tiff): GIF LZW decoder missing datasize value check
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
Package: libtiff (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-4231: tiff - Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to caus...
vendor_debian·2013·CVSS 4.3
CVE-2013-4231 [MEDIUM] CVE-2013-4231: tiff - Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to caus...
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
Scope: local
bookworm: resolved (fixed in 4.0.3-2)
bullseye: resolved (fixed in 4.0.3-2)
forky: resolved (fixed in 4.0.3-2)
sid: resolved (fixed in 4.0.3-2)
trixie: resolved (fixed in 4.0.3-2)
GHSA
GHSA-4qfr-3jpc-g89j: Multiple buffer overflows in libtiff before 4
ghsa_unreviewed·2022-05-17
CVE-2013-4231 [MEDIUM] CWE-119 GHSA-4qfr-3jpc-g89j: Multiple buffer overflows in libtiff before 4
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
OSV
tiff vulnerabilities
osv·2014-05-06·CVSS 4.3
CVE-2013-4231 [MEDIUM] tiff vulnerabilities
tiff vulnerabilities
Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the gif2tiff tool. If a user or automated
system were tricked into opening a specially crafted GIF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privileges. This issue only
affected Ubuntu 10.04 LTS, Ubunu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2013-4231)
Pedro Ribeiro discovered that LibTIFF incorrectly handled certain
malformed images when using the tiff2pdf tool. If a user or automated
system were tricked into opening a specially crafted TIFF image, a remote
attacker could crash the application, leading to a denial of service, or
possibly execute arbitrary code with user privilege
OSV
CVE-2013-4231: Multiple buffer overflows in libtiff before 4
osv·2014-01-19·CVSS 4.3
CVE-2013-4231 [MEDIUM] CVE-2013-4231: Multiple buffer overflows in libtiff before 4
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 mingw-libtiff various flaws [fedora-all]
bugzilla·2013-08-14·CVSS 4.3
CVE-2013-4231 [MEDIUM] CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 mingw-libtiff various flaws [fedora-all]
CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 mingw-libtiff various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please n
Bugzilla
CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all]
bugzilla·2013-08-14·CVSS 4.3
CVE-2013-4231 [MEDIUM] CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all]
CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: t
Bugzilla
CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
bugzilla·2013-08-12·CVSS 4.3
CVE-2013-4231 [MEDIUM] CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check
Pedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert RGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple buffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted TIFF or GIF file that, when processed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash or, potentially, execute arbitrary code with the privileges of the user running the tool.
References:
http://www.asmail.be/msg0055359936.html
http://www.openwall.com/lists/oss-security/2013/08/08/6
Discussion:
Analysis:
This flaw bug consists of 4 buffer-overflow flaws:
(more details at http://www.asmail.be/msg0055359936.htm
http://bugzilla.maptools.org/show_bug.cgi?id=2450http://rhn.redhat.com/errata/RHSA-2014-0223.htmlhttp://secunia.com/advisories/54543http://secunia.com/advisories/54628http://www.asmail.be/msg0055359936.htmlhttp://www.debian.org/security/2013/dsa-2744http://www.openwall.com/lists/oss-security/2013/08/10/2http://www.securityfocus.com/bid/61695https://bugzilla.redhat.com/show_bug.cgi?id=995965http://bugzilla.maptools.org/show_bug.cgi?id=2450http://rhn.redhat.com/errata/RHSA-2014-0223.htmlhttp://secunia.com/advisories/54543http://secunia.com/advisories/54628http://www.asmail.be/msg0055359936.htmlhttp://www.debian.org/security/2013/dsa-2744http://www.openwall.com/lists/oss-security/2013/08/10/2http://www.securityfocus.com/bid/61695https://bugzilla.redhat.com/show_bug.cgi?id=995965
2014-01-19
Published