tiff: remote DoS and possibly arbitrary code execution (CVE-2013-4243)
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.
•CONFIRM: http://bugzilla.maptools.org/show_bug.cgi?id=2451
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=996052
•DEBIAN:DSA-2744
•URL: http://www.debian.org/security/2013/dsa-2744
•REDHAT:RHSA-2014:0223
•URL: http://rhn.redhat.com/errata/RHSA-2014-0223.html
•SECUNIA:54543
•URL: http://secunia.com/advisories/54543
•SECUNIA:54628
•URL: http://secunia.com/advisories/54628
(from redmine: issue id 3081, created on 2014-06-24, closed on 2014-06-25)
- Relations:
- child #3082 (closed)
- child #3083 (closed)
- child #3084 (closed)
- child #3085 (closed)
- Changesets:
- Revision cab4b718 by Natanael Copa on 2014-06-24T14:23:53Z:
main/tiff: security fixes for CVE-2013-4243 and CVE-2013-4244
ref #3081