CVE-2013-4232 — Use After Free in Tiff

CWE-399 CWE-416 — Use After Free11 documents7 sources

Severity

6.8MEDIUMNVD

OSV4.3

EPSS

1.3%

top 20.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Debian Linux Libtiff

Timeline

PublishedSep 10

Latest updateMay 17

Description

Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.3

▶debiandebian/tiff< tiff 4.0.3-2 (bookworm)

Also affects: Debian Linux 6.0, 7.0

Patches

Patch: bugzilla.maptools.org ↗Patch: bugzilla.redhat.com ↗Patch: bugzilla.maptools.org ↗

🔴Vulnerability Details

GHSA

GHSA-m5m4-9rh8-rjhp: Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf↗2022-05-17

▶

OSV

tiff vulnerabilities↗2014-05-06

▶

OSV

CVE-2013-4232: Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf↗2013-09-10

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2014-05-06

▶

Red Hat

(tiff2pdf): use-after-free in t2p_readwrite_pdf_image()↗2013-08-01

▶

Debian

CVE-2013-4232: tiff - Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/ti...↗2013

▶

💬Community

Bugzilla

CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 mingw-libtiff various flaws [fedora-all]↗2013-08-14

▶

Bugzilla

CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all]↗2013-08-14

▶

Bugzilla

CVE-2013-4232 libtiff (tiff2pdf): use-after-free in t2p_readwrite_pdf_image()↗2013-08-12

▶

Bugzilla

CVE-2013-4231 libtiff (gif2tiff): GIF LZW decoder missing datasize value check↗2013-08-12

▶