CVE-2013-4244

UNKNOWN

The LZW decompressor in the gif2tiff tool in libtiff 4

Published Sep 28, 2013

Modified 1 years ago

Details

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

References

WEB

http://bugzilla.maptools.org/show_bug.cgi?id=2452

ADVISORY

http://rhn.redhat.com/errata/RHSA-2014-0223.html

WEB

https://bugzilla.redhat.com/show_bug.cgi?id=996468

WEB

https://github.com/vadz/libtiff/commit/ce6841d9e41d621ba23cf18b190ee6a23b2cc833

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2013-4244

CVSS Analysis

CVSS v2.0

6.8

Exploitability

Access Vector

NetworkAV:N

Access Complexity

MediumAC:M

Authentication

NoneAu:N

Impact

Confidentiality

PartialC:P

Integrity

PartialI:P

Availability

PartialA:P

6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P

Ecosystems

Timeline

PublishedSep 28, 2013

ModifiedAug 6, 2024