CVE-2013-4244
Published: 28 September 2013
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
Priority
Low
Status
| Package | Release | Status |
|---|---|---|
|
tiff Launchpad, Ubuntu, Debian |
Upstream |
Released
(4.0.3-3)
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Not vulnerable
(4.0.3-5ubuntu1)
|
|
|
Patches: upstream: cvs diff -u -r 1.13 -r 1.14 tools/gif2tiff.c |
||
|
tiff3 Launchpad, Ubuntu, Debian |
Upstream |
Not vulnerable
|
| Ubuntu 14.04 ESM (Trusty Tahr) |
Does not exist
|
|
Notes
| Author | Note |
|---|---|
| jdstrand | per Debian, tiff3 source package doesn't build the TIFF tools |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4244
- https://usn.ubuntu.com/usn/usn-2205-1
- NVD
- Launchpad
- Debian