Red Hat Customer Portal

CVE-2013-4243

Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.

Details Source

Mitre

Public Date

2013-08-14 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-4243 libtiff (gif2tiff): possible heap-based buffer overflow in readgifimage()

Bugzilla ID

996052

CVSS Status

verified

Base Score

5.10

Base Metrics

AV:N/AC:H/Au:N/C:P/I:P/A:P

Acknowledgements

This issue was discovered by Murray McAllister of the Red Hat Security Response Team.

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 5 (libtiff) | RHSA-2014:0223 | 2014-02-27 |
| Red Hat Enterprise Linux 6 (libtiff) | RHSA-2014:0222 | 2014-02-27 |

CWE

CWE-122

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 7 | libtiff | Not affected |