CVE-2013-4244 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787 — Out-of-bounds Write10 documents7 sources

Severity

6.8MEDIUMNVD

OSV4.3

EPSS

0.7%

top 29.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedSep 28

Latest updateMay 17

Description

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff4.0.3+29

▶debiandebian/tiff< tiff 4.0.3-3 (bookworm)

Patches

Patch: bugzilla.maptools.org ↗Patch: bugzilla.redhat.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-537w-v4qr-w65f: The LZW decompressor in the gif2tiff tool in libtiff 4↗2022-05-17

▶

OSV

tiff vulnerabilities↗2014-05-06

▶

OSV

CVE-2013-4244: The LZW decompressor in the gif2tiff tool in libtiff 4↗2013-09-28

▶

📋Vendor Advisories

Ubuntu

LibTIFF vulnerabilities↗2014-05-06

▶

Red Hat

(gif2tiff): OOB Write in LZW decompressor↗2013-08-14

▶

Debian

CVE-2013-4244: tiff - The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows co...↗2013

▶

💬Community

Bugzilla

CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 mingw-libtiff various flaws [fedora-all]↗2013-08-14

▶

Bugzilla

CVE-2013-4231 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 libtiff various flaws [fedora-all]↗2013-08-14

▶

Bugzilla

CVE-2013-4244 libtiff (gif2tiff): OOB Write in LZW decompressor↗2013-08-13

▶