CVE-2013-4243
tiff - security update
EPSS 18.7%
Description
Heap-based buffer overflow in the readgifimage function in the gif2tiff tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted height and width values in a GIF image.
How to fix CVE-2013-4243
To remediate CVE-2013-4243, upgrade the affected package to a fixed version below.
- Debian/tiff—upgrade to 4.0.3-9 or later
- Debian/tiff—upgrade to 3.9.4-5+squeeze11 or later
- Debian/tiff—upgrade to 4.0.2-6+deb7u3 or later
Is CVE-2013-4243 being exploited?
Moderate — EPSS is 18.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (3)
- from 0, < 4.0.3-9
- from 0, < 3.9.4-5+squeeze11
- from 0, < 4.0.2-6+deb7u3