| Vulnerability Name: | CCN-86309 | ||||||
| Published: | 2013-08-01 | ||||||
| Updated: | 2013-08-01 | ||||||
| Summary: | The LibTIFF rgb2ycbcr tool is vulnerable to a stack-based buffer overflow, caused by improper handling of TIFF files when converting RGBA to YCbCr conversion. By persuading a victim to open a specially-crafted TIFF file, a remote attacker could overflow a buffer and cause the application to crash. | ||||||
| CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||
| CVSS v2 Severity: | 5.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P) 4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||
| Vulnerability Consequences: | Denial of Service | ||||||
| References: | Source: CCN Type: RHSA-2014-0222 Moderate: libtiff security update Source: CCN Type: RHSA-2014-0223 Moderate: libtiff security update Source: CCN Type: oss-sec Mailing List, Thu, 8 Aug 2013 05:42:15 -0400 (EDT) CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Source: CCN Type: oss-sec Mailing List, Thu, 8 Aug 2013 14:06:04 -0400 (EDT) Re: CVE Request -- Four (stack-based) buffer overflows and one use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro Source: CCN Type: SA54628 LibTIFF Multiple Vulnerabilities Source: CCN Type: LibTiff Mailing List, 2013.08.01 09:21 Vulnerabilities in libtiff 4.0.3 Source: DEBIAN Type: DSA-2744 tiff -- several vulnerabilities Source: CCN Type: LibTIFF Web site LibTIFF - TIFF Library and Utilities Source: CCN Type: BID-61695 LibTIFF CVE-2013-4231 Multiple Buffer Overflow Vulnerabilities Source: XF Type: UNKNOWN libtiff-rgb2ycbcr-bo(86309) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||