{"id":"MGASA-2013-0258","summary":"Updated libtiff packagess fix multiple security vulnerabilities","details":"Updated libtiff packages fix security vulnerabilities:\n\nPedro Ribeiro discovered a buffer overflow flaw in rgb2ycbcr, a tool to convert\nRGB color, greyscale, or bi-level TIFF images to YCbCr images, and multiple\nbuffer overflow flaws in gif2tiff, a tool to convert GIF images to TIFF. A\nremote attacker could provide a specially-crafted TIFF or GIF file that, when\nprocessed by rgb2ycbcr and gif2tiff respectively, would cause the tool to crash\nor, potentially, execute arbitrary code with the privileges of the user running\nthe tool (CVE-2013-4231)\n\nPedro Ribeiro discovered a use-after-free flaw in the t2p_readwrite_pdf_image()\nfunction in tiff2pdf, a tool for converting a TIFF image to a PDF document. A\nremote attacker could provide a specially-crafted TIFF file that, when processed\nby tiff2pdf, would cause tiff2pdf to crash or, potentially, execute arbitrary\ncode with the privileges of the user running tiff2pdf (CVE-2013-4232).\n","modified":"2026-02-01T12:55:36.022044Z","published":"2013-08-22T18:20:56Z","related":["CVE-2013-4231","CVE-2013-4232"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2013-0258.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-August/114181.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11035"}],"affected":[{"package":{"name":"libtiff","ecosystem":"Mageia:2","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.1-2.7.mga2"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0258.json"}},{"package":{"name":"libtiff","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/libtiff?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.0.3-4.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2013-0258.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}