Executive Summary
Information | | | |
---|---|---|---|
Name | MDVSA-2013:208 | First vendor Publication | 2013-08-06 |
Vendor | Mandriva | Last vendor Modification | 2013-08-06 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Updated libtiff packages fix security vulnerabilities:

A heap-based buffer overflow flaw was found in the way tiff2pdf of libtiff wrote TIFF image content into a PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially crafted TIFF image file that, when processed by tiff2pdf, would lead to a tiff2pdf crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary (CVE-2013-1960).

A stack-based buffer overflow was found in the way tiff2pdf of libtiff wrote TIFF image content into a PDF document file when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially crafted TIFF image file that, when processed by tiff2pdf, would lead to a tiff2pdf crash (CVE-2013-1961).
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2013:208
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18349 | |||
Oval ID: | oval:org.mitre.oval:def:18349 | ||
Title: | USN-1832-1 -- tiff vulnerabilities | ||
Description: | LibTIFF could be made to crash or run programs as your login if it opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1832-1 CVE-2013-1960 CVE-2013-1961 | Version: | 7 |
Platform(s): | Ubuntu 13.04 Ubuntu 12.10 Ubuntu 12.04 Ubuntu 10.04 | Product(s): | tiff |
Definition Id: oval:org.mitre.oval:def:20013 | |||
Oval ID: | oval:org.mitre.oval:def:20013 | ||
Title: | DSA-2698-1 tiff - buffer overflow | ||
Description: | Multiple issues were discovered in the TIFF tools, a set of utilities for TIFF image file manipulation and conversion. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2698-1 CVE-2013-1960 CVE-2013-1961 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/Linux 7 Debian GNU/kFreeBSD 6.0 Debian GNU/kFreeBSD 7 | Product(s): | tiff |
Definition Id: oval:org.mitre.oval:def:26020 | |||
Oval ID: | oval:org.mitre.oval:def:26020 | ||
Title: | SUSE-SU-2013:0795-1 -- Security update for libtiff | ||
Description: | This update fixes two buffer overflow security issues with libtiff: * CVE-2013-1960 * CVE-2013-1961 | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:0795-1 CVE-2013-1960 CVE-2013-1961 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server 10 SUSE Linux Enterprise Desktop 11 SUSE Linux Enterprise Desktop 10 | Product(s): | libtiff |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-09-06 | Name : The remote Debian host is missing a security update. File : debian_DLA-610.nasl - Type : ACT_GATHER_INFO |
2016-08-03 | Name : The remote OracleVM host is missing a security update. File : oraclevm_OVMSA-2016-0093.nasl - Type : ACT_GATHER_INFO |
2015-06-08 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL16715.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_libtiff_20131217.nasl - Type : ACT_GATHER_INFO |
2014-11-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2014-0339.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2013-431.nasl - Type : ACT_GATHER_INFO |
2014-03-18 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2014-307.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0223.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140227_libtiff_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20140227_libtiff_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0223.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2014-0222.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2014-0222.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0223.nasl - Type : ACT_GATHER_INFO |
2014-02-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2014-0222.nasl - Type : ACT_GATHER_INFO |
2014-02-23 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201402-21.nasl - Type : ACT_GATHER_INFO |
2013-10-20 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2013-290-01.nasl - Type : ACT_GATHER_INFO |
2013-08-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2013-208.nasl - Type : ACT_GATHER_INFO |
2013-06-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2698.nasl - Type : ACT_GATHER_INFO |
2013-05-22 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1832-1.nasl - Type : ACT_GATHER_INFO |
2013-05-19 | Name : The remote Fedora host is missing a security update. File : fedora_2013-7361.nasl - Type : ACT_GATHER_INFO |
2013-05-16 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libtiff-devel-130506.nasl - Type : ACT_GATHER_INFO |
2013-05-14 | Name : The remote Fedora host is missing a security update. File : fedora_2013-7369.nasl - Type : ACT_GATHER_INFO |
2013-05-10 | Name : The remote Fedora host is missing a security update. File : fedora_2013-7339.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:43:56 | |
2013-08-06 17:20:12 | |