Skip to main content

Libtiff CVE-2013-1961

CRITICAL
Buffer Overflow (CWE-119)
2013-07-03 secalert@redhat.com
9.3
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
9.3 CRITICAL
AV:N/AC:M/Au:N/C:C/I:C/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:C/I:C/A:C
Attack Vector
Network
Attack Complexity
M
Confidentiality
C
Integrity
C
Availability
C

Lifecycle Timeline

1
CVE Published
Jul 03, 2013 - 18:55 cve.org
CRITICAL 9.3

DescriptionCVE.org

Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file.

AnalysisAI

Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. Affected products include: Remotesensing Libtiff. Version information: before 4.0.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2012-4564 MEDIUM POC
6.8 Nov 11

ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a deni

CVE-2015-8668 CRITICAL POC
9.8 Jan 08

Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier

CVE-2015-7554 CRITICAL POC
9.8 Jan 08

The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory

CVE-2016-9534 CRITICAL POC
9.8 Nov 22

tif_write.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1() that didn't reset the tif_rawcc and

CVE-2017-17095 HIGH POC
8.8 Dec 02

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-b

CVE-2016-8331 HIGH POC
8.1 Oct 28

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. Rated

CVE-2017-5225 HIGH POC
8.8 Jan 12

LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via

CVE-2017-17973 HIGH POC
8.8 Dec 29

In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. Rated high severity

CVE-2017-9935 HIGH POC
8.8 Jun 26

In LibTIFF 4.0.8, there is a heap-based buffer overflow in the t2p_write_pdf function in tools/tiff2pdf.c. Rated high se

CVE-2017-17942 HIGH POC
8.8 Dec 28

In LibTIFF 4.0.9, there is a heap-based buffer over-read in the function PackBitsEncode in tif_packbits.c. Rated high se

CVE-2023-25434 HIGH POC
8.8 Jun 14

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. Rated

CVE-2022-3970 HIGH POC
8.8 Nov 13

A vulnerability was found in LibTIFF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no aut

Share

CVE-2013-1961 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy