Use-After-Free in libtiff 4.0.3 Affects Remote Code Execution
CVE-2013-4232

Currently unrated

Key Information:

Vendor: Libtiff
Status: Libtiff; Debian Linux
Vendor: CVE Published:; 10 September 2013

What is CVE-2013-4232?

The use-after-free vulnerability found in the t2p_readwrite_pdf_image function within libtiff 4.0.3 allows attackers to exploit crafted TIFF images. This can lead to a denial of service by crashing the application or potentially allow attackers to execute arbitrary code, compromising the integrity and security of the system. Users are advised to update to patched versions to mitigate these risks.

References

http://bugzilla.maptools.org/show_bug.cgi?id=2449

x_refsource_CONFIRM

http://rhn.redhat.com/errata/RHSA-2014-0223.html

vendor-advisoryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=995975

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2013
Vulnerability Reserved
Jun 12, 2013

Libtiff

What is CVE-2013-4232?

References

Timeline