Vulnerability Details : CVE-2013-1960
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
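What the bug class looks like in code, as an added example written for this page (it is not libtiff's code: the function names, the simplified strip layout and the 18-byte sample strip are constructed for illustration). A TIFF strip holding JPEG data is a run of marker segments whose lengths the attacker controls; the vulnerable pattern bounds-checks the input strip but is never told the size of the heap buffer it copies into, so a strip larger than that buffer runs past its end. The hardened form takes the destination capacity and checks it before every copy, which is the kind of check the upstream fix added.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the CVE-2013-1960 bug class, not libtiff's code.
 * Segment layout: 0xFF <marker> <16-bit big-endian length> <payload>; the
 * length counts itself but not the 0xFF/marker pair. All bytes are untrusted. */

/* Reads the big-endian segment length that follows a marker pair. */
static size_t segment_length(const uint8_t *p)
{
    return (size_t)((p[0] << 8) | p[1]);
}

/* VULNERABLE pattern: only the *input* is bounds-checked; the function never
 * learns how big `out` is. Returns the final write offset so a caller can see
 * how far past a too-small buffer it would have written. */
static size_t process_strip_unchecked(const uint8_t *strip, size_t striplen,
                                      uint8_t *out, size_t outoff)
{
    size_t i = 0;
    while (i + 4 <= striplen && strip[i] == 0xFF) {
        size_t datalen = 2 + segment_length(strip + i + 2); /* marker+len+payload */
        if (i + datalen > striplen)
            break;                                  /* input checked ... */
        memcpy(out + outoff, strip + i, datalen);   /* ... destination never is */
        outoff += datalen;
        i += datalen;
    }
    return outoff;
}

/* HARDENED form: capacity is a parameter and every copy is checked against the
 * remaining room first. Returns 1 on success, 0 if the strip is malformed or
 * would overflow (leaving *outoff at the last good position). */
static int process_strip_checked(const uint8_t *strip, size_t striplen,
                                 uint8_t *out, size_t outsize, size_t *outoff)
{
    size_t i = 0;
    if (*outoff > outsize)
        return 0;
    while (i + 4 <= striplen && strip[i] == 0xFF) {
        size_t seglen = segment_length(strip + i + 2);
        size_t datalen = 2 + seglen;
        if (seglen < 2 || i + datalen > striplen)
            return 0;                               /* length field is a lie */
        if (datalen > outsize - *outoff)
            return 0;                               /* would overflow: refuse */
        memcpy(out + *outoff, strip + i, datalen);
        *outoff += datalen;
        i += datalen;
    }
    return 1;
}

/* Constructed 18-byte strip: a DQT segment (length 8) then a DHT segment (length 6). */
static const uint8_t kStrip[] = {
    0xFF, 0xDB, 0x00, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
    0xFF, 0xC4, 0x00, 0x06, 0x07, 0x08, 0x09, 0x0A,
};

#define INTENDED_BUFSIZE 16   /* what the caller believed the strip needed */

/* Offset the unchecked copy ends at when the caller sized the buffer at 16
 * bytes. A 64-byte scratch area keeps the demonstration itself memory-safe. */
static size_t demo_unchecked_end_offset(void)
{
    uint8_t scratch[64] = {0};
    return process_strip_unchecked(kStrip, sizeof kStrip, scratch, 0);
}

/* 1 if the checked copy refuses the same strip for a 16-byte destination. */
static int demo_checked_rejects(size_t *stopped_at)
{
    uint8_t small[INTENDED_BUFSIZE] = {0};
    size_t off = 0;
    int ok = process_strip_checked(kStrip, sizeof kStrip, small, sizeof small, &off);
    if (stopped_at) *stopped_at = off;
    return ok == 0;
}

/* 1 if the checked copy accepts the strip once there is room and the bytes match. */
static int demo_checked_accepts(void)
{
    uint8_t big[32] = {0};
    size_t off = 0;
    int ok = process_strip_checked(kStrip, sizeof kStrip, big, sizeof big, &off);
    return ok == 1 && off == sizeof kStrip && memcmp(big, kStrip, sizeof kStrip) == 0;
}

int main(void)
{
    size_t stopped = 0;
    printf("unchecked copy ended at offset %zu (buffer was %d bytes)\n",
           demo_unchecked_end_offset(), INTENDED_BUFSIZE);
    printf("checked copy rejected: %d (stopped at offset %zu)\n",
           demo_checked_rejects(&stopped), stopped);
    printf("checked copy with enough room: %d\n", demo_checked_accepts());
    return 0;
}
```

The unchecked version honours the strip's own length fields and the input bound, which is why it looks safe at a glance: the comparison it is missing is against the destination, whose size it is never given. Passing the capacity in and testing `datalen > outsize - *outoff` before each `memcpy` closes that gap; the hardened form also rejects a length field below 2, which would otherwise claim a segment shorter than its own header.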
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-1960
Probability of exploitation activity in the next 30 days: 4.41%
Percentile (the proportion of vulnerabilities scored at or below this one): ~91%
CVSS scores for CVE-2013-1960 (CVSS v2)
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
CWE ids for CVE-2013-1960
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2013-1960
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
  [SECURITY] Fedora 17 Update: libtiff-3.9.7-2.fc17
- http://rhn.redhat.com/errata/RHSA-2014-0223.html
  RHSA-2014:0223 - Security Advisory - Red Hat Customer Portal
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
  [SECURITY] Fedora 19 Update: libtiff-4.0.3-6.fc19
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
  openSUSE-SU-2013:0922-1: moderate: tiff
- https://bugzilla.redhat.com/show_bug.cgi?id=952158
  952158 – (CVE-2013-1960) CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
  openSUSE-SU-2013:0944-1: moderate: tiff
- http://www.securityfocus.com/bid/59609
  LibTIFF 't2_process_jpeg_strip()' Function Heap-based Buffer Overflow Vulnerability
- http://www.debian.org/security/2013/dsa-2698
  Debian -- Security Information -- DSA-2698-1 tiff
- http://seclists.org/oss-sec/2013/q2/254
  oss-sec: Fwd: Two libtiff (tiff2pdf flaws)
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
  [SECURITY] Fedora 18 Update: libtiff-4.0.3-6.fc18
Products affected by CVE-2013-1960
- cpe:2.3:a:remotesensing:libtiff:*:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta28:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta29:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta37:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha4:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.0:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta24:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta18:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta36:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta35:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.6:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta32:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta31:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha2:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.0:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta34:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha3:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:4.0.1:*:*:*:*:*:*:*