CVE-2013-4232

Published: Sep 10, 2013Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

Affected (3)

Products: Libtiff: Libtiff · Debian: Debian Linux

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Libtiff Libtiff	Version 4.0.3
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Related CWEs

CWE-399

References (16)

http://bugzilla.maptools.org/show_bug.cgi?id=2449

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2014-0223.html

Source: secalert@redhat.com

http://secunia.com/advisories/54543

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/54628

Source: secalert@redhat.com

Vendor Advisory

http://www.asmail.be/msg0055359936.html

Source: secalert@redhat.com

http://www.debian.org/security/2013/dsa-2744

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2013/08/10/2

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=995975

Source: secalert@redhat.com

Patch

http://bugzilla.maptools.org/show_bug.cgi?id=2449