CVE-2013-4244

Priority
Low
Description
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier
allows context-dependent attackers to cause a denial of service
(out-of-bounds write and crash) or possibly execute arbitrary code via a
crafted GIF image.
References
Bugs
Notes
 jdstrand> per Debian, tiff3 source package doesn't build the TIFF tools
Assigned-to
mdeslaur
Package
Source: tiff (LP Ubuntu Debian)
Upstream:released (4.0.3-3)
Ubuntu 12.04 LTS (Precise Pangolin):released (3.9.5-2ubuntu1.6)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.0.3-5ubuntu1)
Patches:
Upstream:cvs diff -u -r 1.13 -r 1.14 tools/gif2tiff.c
Package
Source: tiff3 (LP Ubuntu Debian)
Upstream:not-affected
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:41:50 UTC (commit 9756)