Lucene search

[email protected]CVE-2013-4244

HistorySep 28, 2013 - 7:55 p.m.

CVE-2013-4244

2013-09-2819:55:03

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-4244

lzw decompressor

libtiff 4.0.3

denial of service

out-of-bounds write

execute arbitrary code

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.3%

JSON

The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.

Affected configurations

NVD

Node

libtifflibtiffRange≤4.0.3

libtifflibtiffMatch3.4

libtifflibtiffMatch3.4beta18

libtifflibtiffMatch3.4beta24

libtifflibtiffMatch3.4beta28

libtifflibtiffMatch3.4beta29

libtifflibtiffMatch3.4beta31

libtifflibtiffMatch3.4beta32

libtifflibtiffMatch3.4beta34

libtifflibtiffMatch3.4beta35

libtifflibtiffMatch3.4beta36

libtifflibtiffMatch3.4beta37

libtifflibtiffMatch3.5.1

libtifflibtiffMatch3.5.2

libtifflibtiffMatch3.5.3

libtifflibtiffMatch3.5.4

libtifflibtiffMatch3.5.5

libtifflibtiffMatch3.5.6

libtifflibtiffMatch3.5.6beta

libtifflibtiffMatch3.5.7

libtifflibtiffMatch3.5.7alpha

libtifflibtiffMatch3.5.7alpha2

libtifflibtiffMatch3.5.7alpha3

libtifflibtiffMatch3.5.7alpha4

libtifflibtiffMatch3.5.7beta

libtifflibtiffMatch3.6.0

libtifflibtiffMatch3.6.0beta

libtifflibtiffMatch3.6.0beta2

libtifflibtiffMatch3.6.1

libtifflibtiffMatch3.7.0

libtifflibtiffMatch3.7.0alpha

libtifflibtiffMatch3.7.0beta

libtifflibtiffMatch3.7.0beta2

libtifflibtiffMatch3.7.1

libtifflibtiffMatch3.7.2

libtifflibtiffMatch3.7.3

libtifflibtiffMatch3.7.4

libtifflibtiffMatch3.8.0

libtifflibtiffMatch3.8.1

libtifflibtiffMatch3.8.2

libtifflibtiffMatch3.9

libtifflibtiffMatch3.9.0

libtifflibtiffMatch3.9.0beta

libtifflibtiffMatch3.9.1

libtifflibtiffMatch3.9.2

libtifflibtiffMatch3.9.2-5.2.1

libtifflibtiffMatch3.9.3

libtifflibtiffMatch3.9.4

libtifflibtiffMatch3.9.5

libtifflibtiffMatch4.0

libtifflibtiffMatch4.0alpha

libtifflibtiffMatch4.0beta1

libtifflibtiffMatch4.0beta2

libtifflibtiffMatch4.0beta3

libtifflibtiffMatch4.0beta4

libtifflibtiffMatch4.0beta5

libtifflibtiffMatch4.0beta6

libtifflibtiffMatch4.0.1

libtifflibtiffMatch4.0.2

CPENameOperatorVersion
libtiff:libtifflibtiffle4.0.3
libtiff:libtifflibtiffeq3.4
libtiff:libtifflibtiffeq3.5.1
libtiff:libtifflibtiffeq3.5.2
libtiff:libtifflibtiffeq3.5.3
libtiff:libtifflibtiffeq3.5.4
libtiff:libtifflibtiffeq3.5.5
libtiff:libtifflibtiffeq3.5.6
libtiff:libtifflibtiffeq3.5.7
libtiff:libtifflibtiffeq3.6.0

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	le	4.0.3
libtiff:libtiff	libtiff	eq	3.4
libtiff:libtiff	libtiff	eq	3.5.1
libtiff:libtiff	libtiff	eq	3.5.2
libtiff:libtiff	libtiff	eq	3.5.3
libtiff:libtiff	libtiff	eq	3.5.4
libtiff:libtiff	libtiff	eq	3.5.5
libtiff:libtiff	libtiff	eq	3.5.6
libtiff:libtiff	libtiff	eq	3.5.7
libtiff:libtiff	libtiff	eq	3.6.0