6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.035 Low
EPSS
Percentile
91.6%
Package : tiff
Version : 3.9.4-5+squeeze11
CVE ID : CVE-2013-4243
Debian Bug : #742917
Murray McAllister discovered a heap-based buffer overflow in the gif2tiff
command line tool. Executing gif2tiff on a malicious tiff image could
result in arbitrary code execution.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | sparc | libtiffxx5 | < 4.0.2-6+deb7u3 | libtiffxx5_4.0.2-6+deb7u3_sparc.deb |
Debian | 7 | powerpc | libtiffxx5 | < 4.0.2-6+deb7u3 | libtiffxx5_4.0.2-6+deb7u3_powerpc.deb |
Debian | 7 | s390x | libtiff5-dev | < 4.0.2-6+deb7u3 | libtiff5-dev_4.0.2-6+deb7u3_s390x.deb |
Debian | 7 | all | libtiff-doc | < 4.0.2-6+deb7u3 | libtiff-doc_4.0.2-6+deb7u3_all.deb |
Debian | 6 | all | tiff | < 3.9.4-5+squeeze11 | tiff_3.9.4-5+squeeze11_all.deb |
Debian | 7 | s390 | libtiff5-alt-dev | < 4.0.2-6+deb7u3 | libtiff5-alt-dev_4.0.2-6+deb7u3_s390.deb |
Debian | 7 | sparc | libtiff5-alt-dev | < 4.0.2-6+deb7u3 | libtiff5-alt-dev_4.0.2-6+deb7u3_sparc.deb |
Debian | 7 | s390x | libtiff5 | < 4.0.2-6+deb7u3 | libtiff5_4.0.2-6+deb7u3_s390x.deb |
Debian | 7 | i386 | libtiff5-alt-dev | < 4.0.2-6+deb7u3 | libtiff5-alt-dev_4.0.2-6+deb7u3_i386.deb |
Debian | 7 | mipsel | libtiff5 | < 4.0.2-6+deb7u3 | libtiff5_4.0.2-6+deb7u3_mipsel.deb |