fkie_nvd - fkie_cve-2013-4244

fkie_cve-2013-4244

Vulnerability from fkie_nvd

Published

2013-09-28 19:55

Modified

2024-11-21 01:55

Severity ?

Summary

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

References

URL	Tags
secalert@redhat.com	http://bugzilla.maptools.org/show_bug.cgi?id=2452	Patch
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2014-0223.html
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=996468	Patch
secalert@redhat.com	https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833	Patch
af854a3a-2127-422b-91ae-364da2661108	http://bugzilla.maptools.org/show_bug.cgi?id=2452	Patch
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2014-0223.html
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=996468	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833	Patch

Impacted products

Vendor	Product	Version
libtiff	libtiff	*
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.4
libtiff	libtiff	3.5.1
libtiff	libtiff	3.5.2
libtiff	libtiff	3.5.3
libtiff	libtiff	3.5.4
libtiff	libtiff	3.5.5
libtiff	libtiff	3.5.6
libtiff	libtiff	3.5.6
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.5.7
libtiff	libtiff	3.6.0
libtiff	libtiff	3.6.0
libtiff	libtiff	3.6.0
libtiff	libtiff	3.6.1
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.0
libtiff	libtiff	3.7.1
libtiff	libtiff	3.7.2
libtiff	libtiff	3.7.3
libtiff	libtiff	3.7.4
libtiff	libtiff	3.8.0
libtiff	libtiff	3.8.1
libtiff	libtiff	3.8.2
libtiff	libtiff	3.9
libtiff	libtiff	3.9.0
libtiff	libtiff	3.9.0
libtiff	libtiff	3.9.1
libtiff	libtiff	3.9.2
libtiff	libtiff	3.9.2-5.2.1
libtiff	libtiff	3.9.3
libtiff	libtiff	3.9.4
libtiff	libtiff	3.9.5
libtiff	libtiff	4.0
libtiff	libtiff	4.0
libtiff	libtiff	4.0
libtiff	libtiff	4.0
libtiff	libtiff	4.0
libtiff	libtiff	4.0
libtiff	libtiff	4.0
libtiff	libtiff	4.0
libtiff	libtiff	4.0.1
libtiff	libtiff	4.0.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD47D8D8-A63A-4B4E-A704-D570DEBB9707",
              "versionEndIncluding": "4.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCA5EEB8-9D2C-49A9-BB08-CE5017B79D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*",
              "matchCriteriaId": "A0FB4929-8937-458C-88F0-E0484F84F921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*",
              "matchCriteriaId": "10457960-162A-443D-91D0-2857DCEB5B62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*",
              "matchCriteriaId": "157D32AA-0783-4316-A8AA-1F4063B31C9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*",
              "matchCriteriaId": "1C3379CF-499D-46CA-90DF-11F4CB7F4FC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*",
              "matchCriteriaId": "52D44C48-E6DE-4E37-920F-7591771C7A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*",
              "matchCriteriaId": "08C0C0E9-6338-4320-BACF-B10939E53FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*",
              "matchCriteriaId": "C19CD7D3-036D-41E1-9E61-B274D079ACAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*",
              "matchCriteriaId": "1A8470B2-2D9F-4507-85CB-2702555F7146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*",
              "matchCriteriaId": "09FF2649-4998-479D-9FC5-9C749BA12E5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*",
              "matchCriteriaId": "F304C7D0-7CA3-42D4-AB9F-382AA418E781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FAE51-5207-4136-9FFE-2330A281266C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B32C83B9-F7DA-450A-A687-9A73734CD712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9485283A-B73E-4567-914A-42A86F5FFCB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95892168-0FB6-4E3F-9303-2F9B3CF60D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5021564-5E0A-4DDC-BC68-200B6050043E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C50750-FE1D-42BA-9125-7D8E872AA2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*",
              "matchCriteriaId": "C92B050F-30C7-421B-8556-9CC1A6D457B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "19AA66E5-FDDD-4243-B945-DFEBDD25F258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "38D31C28-1DB2-454F-AF44-9898106FF5E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "4DCCA926-3993-4CE2-A3CB-B9FE2A1991F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "E68FD79C-D26E-4B86-A22C-96FC60438EFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "1EC9867E-0FC3-4D93-8166-DA17ED88D199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*",
              "matchCriteriaId": "1397747F-8A50-47B3-8164-221650080F76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F359CD-5DC4-4919-B8E1-95BDDBD27EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "65173C5E-B3D8-4428-8600-C3B34E3BB789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "0E99997F-033C-42FE-BCE8-CAC329DAFFAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C8C550-3313-4266-B4B3-E9E9047CFE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABEEBA7B-81D5-4148-912B-9AD448BBE741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "1663754A-2AF4-46BC-9196-E29D8C019892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "566C6E9C-318C-4C1E-86A8-429615215EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "22987AEF-ADA2-4D60-8C02-AFE6CD9A930B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "448555FE-8E91-4EA7-BA05-6915F5508319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CA0A79A-0591-4AC0-A2D1-40C34FA75B01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C8C1070-4A65-41A3-AD01-F12626042CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CD3B7F-24C5-49F4-93D2-CA43FF284907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44BC5E2C-B6A6-4999-A1EA-B91DA5C350C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2850FD9-8BE8-410E-8A24-28549DAACEB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A24DC5-2DF5-4CA2-A0CD-BE0650CA6F5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "81A01676-7D0B-4F92-A874-28ACDB728A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D0901DF-4C9A-46A6-A5F9-6CFC945B39AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "057A1E58-0D95-4EA6-88B1-B05136E03770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67179D4-2714-42FE-8115-19DBC5D1E3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA6B36E-B99E-4F3A-BD19-C1525A4479D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.2-5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71F123A4-81BC-4A69-85AC-7228AAC2C993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D83405B-B94F-4631-9B1A-00131797B936",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D90F487-9E11-47F7-B876-60DC451FA622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D16319C-DE79-4255-A692-6FED65DE9C44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "771AFF6D-7E21-4773-9B5B-FBDAAF7E0E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "67471D55-629A-41E4-93CE-AE621F1E601C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "C3DE62E7-01A1-4A58-954C-1DC80DD0F33D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "175E2A2C-A6B6-4FDE-9D23-74B9DA28D60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "A9B1F1B0-07F0-437F-8812-78CC49A3D261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "3A2655FA-3C44-4FA1-97E4-26859D9B80C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "D436B894-A40C-45D8-A012-92F99F0B8D57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0:beta6:*:*:*:*:*:*",
              "matchCriteriaId": "B2724F1A-B14E-4221-957C-FFEA8953E63A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F952B2-E064-4E67-B25A-6A48AC794728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F46566-068C-4C82-B838-BA0662FD5F90",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image."
    },
    {
      "lang": "es",
      "value": "El decompresor LZW en la utilidad gif2tiff de libtiff 4.0.3 y anteriores permite a un atacante dependiente de contexto causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda) o posiblemente ejecutar c\u00f3digo a discrecci\u00f3n a trav\u00e9s de una imagen GIF manipulada."
    }
  ],
  "id": "CVE-2013-4244",
  "lastModified": "2024-11-21T01:55:12.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-09-28T19:55:03.117",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2452"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996468"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=996468"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-4244

Vulnerability from cvelistv5

Published

2013-09-28 19:00

Modified

2024-08-06 16:38