CVE-2013-1960

Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

Details Source

Mitre

Public Date

2013-05-02 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()

Bugzilla ID

952158

CVSS Status

verified

Base Score

5.10

Base Metrics

AV:N/AC:H/Au:N/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank Emmanuel Bouillon (NCI Agency) for reporting this issue.

Red Hat Security Errata

Platform                                Errata          Release Date
Red Hat Enterprise Linux 5 (libtiff)    RHSA-2014:0223  2014-02-27
Red Hat Enterprise Linux 6 (libtiff)    RHSA-2014:0222  2014-02-27

CWE

CWE-122