CVE-2013-4232

Priority
Low
Description
Use-after-free vulnerability in the t2p_readwrite_pdf_image function in
tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial
of service (crash) or possible execute arbitrary code via a crafted TIFF
image.
References
Bugs
Notes
jdstrand> tiff3 does not build the tiff tools
Assigned-to
mdeslaur
Package
Source: tiff (LP Ubuntu Debian)
Upstream:released (4.0.3-2)
Ubuntu 10.04 LTS (Lucid Lynx):released (3.9.2-2ubuntu0.14)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.9.5-2ubuntu1.6)
Ubuntu 12.10 (Quantal Quetzal):released (4.0.2-1ubuntu2.3)
Ubuntu 13.10 (Saucy Salamander):released (4.0.2-4ubuntu3.1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.0.3-5ubuntu1)
Ubuntu 14.10 (Utopic Unicorn):not-affected (4.0.3-5ubuntu1)
Patches:
Upstream:cvs diff -u -r 1.71 -r 1.72 tools/tiff2pdf.c
Package
Source: tiff3 (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu 14.10 (Utopic Unicorn):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2014-05-06 15:14:35 UTC (commit 8026)