CVE-2013-4244

Priority
Low
Description
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier
allows context-dependent attackers to cause a denial of service
(out-of-bounds write and crash) or possibly execute arbitrary code via a
crafted GIF image.
References
Bugs
Notes
jdstrand> per Debian, tiff3 source package doesn't build the TIFF tools
Assigned-to
mdeslaur
Package
Source: tiff (LP Ubuntu Debian)
Upstream: released (4.0.3-3)
Ubuntu 10.04 LTS (Lucid Lynx): released (3.9.2-2ubuntu0.14)
Ubuntu 12.04 LTS (Precise Pangolin): released (3.9.5-2ubuntu1.6)
Ubuntu 12.10 (Quantal Quetzal): released (4.0.2-1ubuntu2.3)
Ubuntu 13.10 (Saucy Salamander): released (4.0.2-4ubuntu3.1)
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (4.0.3-5ubuntu1)
Ubuntu 14.10 (Utopic Unicorn): not-affected (4.0.3-5ubuntu1)
Patches:
Upstream: cvs diff -u -r 1.13 -r 1.14 tools/gif2tiff.c
Package
Source: tiff3 (LP Ubuntu Debian)
Upstream: not-affected
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 12.10 (Quantal Quetzal): not-affected
Ubuntu 13.10 (Saucy Salamander): not-affected
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 14.10 (Utopic Unicorn): DNE
More Information

Updated: 2014-05-06 15:14:35 UTC (commit 8026)