Vulnerability Details : CVE-2013-1960
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2013-1960
- cpe:2.3:a:remotesensing:libtiff:*:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta28:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta29:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta37:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha4:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.0:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta24:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta18:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta36:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta35:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.6:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta32:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta31:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha2:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.0:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:4.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.4:beta34:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha3:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:remotesensing:libtiff:4.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1960
6.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1960
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2013-1960
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1960
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html
[SECURITY] Fedora 17 Update: libtiff-3.9.7-2.fc17
-
http://rhn.redhat.com/errata/RHSA-2014-0223.html
RHSA-2014:0223 - Security Advisory - Red Hat Customer Portal
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html
[SECURITY] Fedora 19 Update: libtiff-4.0.3-6.fc19
-
http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html
openSUSE-SU-2013:0922-1: moderate: tiff
-
https://bugzilla.redhat.com/show_bug.cgi?id=952158
952158 – (CVE-2013-1960) CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()
-
http://secunia.com/advisories/53765
Sign inVendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html
openSUSE-SU-2013:0944-1: moderate: tiff
-
http://www.securityfocus.com/bid/59609
LibTIFF 't2_process_jpeg_strip()' Function Heap-based Buffer Overflow Vulnerability
-
http://www.debian.org/security/2013/dsa-2698
Debian -- Security Information -- DSA-2698-1 tiff
-
http://seclists.org/oss-sec/2013/q2/254
oss-sec: Fwd: Two libtiff (tiff2pdf flaws)
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html
[SECURITY] Fedora 18 Update: libtiff-4.0.3-6.fc18
-
http://secunia.com/advisories/53237
Sign inVendor Advisory
Jump to