CVE-2013-4244

Public on 2013-09-28
Modified on 2014-09-19
Description
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a crafted GIF image.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 libtiff 2014-03-13 ALAS-2014-307 Fixed
Amazon Linux 1 libtiff 2014-06-26 ALAS-2014-365 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv2 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P