[v3.0] tiff: remote DoS and possibly arbitrary code execution (CVE-2013-4243)
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted height and width values in a GIF image.
•CONFIRM: http://bugzilla.maptools.org/show_bug.cgi?id=2451
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=996052
•DEBIAN:DSA-2744
•URL: http://www.debian.org/security/2013/dsa-2744
•REDHAT:RHSA-2014:0223
•URL: http://rhn.redhat.com/errata/RHSA-2014-0223.html
•SECUNIA:54543
•URL: http://secunia.com/advisories/54543
•SECUNIA:54628
•URL: http://secunia.com/advisories/54628
(from redmine: issue id 3085, created on 2014-06-24, closed on 2014-06-25)
- Relations:
- parent #3081 (closed)
- Changesets:
- Revision c04fae12 by Natanael Copa on 2014-06-24T14:34:57Z:
main/tiff: security fixes for CVE-2013-4243 and CVE-2013-4244
fixes #3085