Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2013-1960 (GCVE-0-2013-1960)
Vulnerability from cvelistv5 – Published: 2013-07-03 18:00 – Updated: 2024-08-06 15:20
VLAI?
EPSS
Summary
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:20:37.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "53237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53237"
},
{
"name": "FEDORA-2013-7369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"name": "DSA-2698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2698"
},
{
"name": "59609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/59609"
},
{
"name": "53765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/53765"
},
{
"name": "openSUSE-SU-2013:0944",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"name": "RHSA-2014:0223",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"name": "[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"name": "FEDORA-2013-7361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
},
{
"name": "openSUSE-SU-2013:0922",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"name": "FEDORA-2013-7339",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "53237",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53237"
},
{
"name": "FEDORA-2013-7369",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"name": "DSA-2698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2698"
},
{
"name": "59609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/59609"
},
{
"name": "53765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/53765"
},
{
"name": "openSUSE-SU-2013:0944",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"name": "RHSA-2014:0223",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"name": "[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"name": "FEDORA-2013-7361",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
},
{
"name": "openSUSE-SU-2013:0922",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"name": "FEDORA-2013-7339",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1960",
"datePublished": "2013-07-03T18:00:00.000Z",
"dateReserved": "2013-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:20:37.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2014-AVI-112
Vulnerability from certfr_avis - Published: 2014-03-10 - Updated: 2014-03-10
De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris 11.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-5718",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5718"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2013-4123",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4123"
},
{
"name": "CVE-2013-5745",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5745"
},
{
"name": "CVE-2013-4231",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4231"
},
{
"name": "CVE-2006-4810",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-4810"
},
{
"name": "CVE-2013-4164",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4164"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-4408",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4408"
},
{
"name": "CVE-2014-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0397"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2013-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1418"
},
{
"name": "CVE-2011-3970",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
},
{
"name": "CVE-2012-2871",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
},
{
"name": "CVE-2012-6150",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6150"
},
{
"name": "CVE-2013-5717",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5717"
},
{
"name": "CVE-2013-6340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6340"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2013-6337",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6337"
},
{
"name": "CVE-2013-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0900"
},
{
"name": "CVE-2013-6339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6339"
},
{
"name": "CVE-2013-4363",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4363"
},
{
"name": "CVE-2013-5721",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5721"
},
{
"name": "CVE-2007-6750",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6750"
},
{
"name": "CVE-2008-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-0386"
},
{
"name": "CVE-2012-4504",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4504"
},
{
"name": "CVE-2012-2893",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2893"
},
{
"name": "CVE-2012-4505",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4505"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2013-4287",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4287"
},
{
"name": "CVE-2009-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0179"
},
{
"name": "CVE-2013-6338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6338"
},
{
"name": "CVE-2013-6336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6336"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4124",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4124"
},
{
"name": "CVE-2013-7112",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7112"
},
{
"name": "CVE-2013-2561",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2561"
},
{
"name": "CVE-2014-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0591"
},
{
"name": "CVE-2013-5719",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5719"
},
{
"name": "CVE-2013-7114",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7114"
},
{
"name": "CVE-2013-1417",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1417"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2013-5722",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5722"
},
{
"name": "CVE-2011-1202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
},
{
"name": "CVE-2012-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0870"
},
{
"name": "CVE-2013-5720",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5720"
},
{
"name": "CVE-2012-2825",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2825"
},
{
"name": "CVE-2013-4475",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4475"
}
],
"initial_release_date": "2014-03-10T00:00:00",
"last_revision_date": "2014-03-10T00:00:00",
"links": [],
"reference": "CERTFR-2014-AVI-112",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-03-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle Solaris\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nune ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Solaris",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 25 f\u00e9vrier 2014",
"url": "http://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html"
}
]
}
CERTFR-2020-AVI-420
Vulnerability from certfr_avis - Published: 2020-07-09 - Updated: 2020-07-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Junos Space et Junos Space Security Director versions antérieures à 20.1R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1167",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
},
{
"name": "CVE-2016-2324",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
},
{
"name": "CVE-2013-1960",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
},
{
"name": "CVE-2012-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
},
{
"name": "CVE-2016-3991",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2014-7826",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
},
{
"name": "CVE-2020-1648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
},
{
"name": "CVE-2016-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
},
{
"name": "CVE-2011-0192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
},
{
"name": "CVE-2016-1000341",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
},
{
"name": "CVE-2016-6662",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-11097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
},
{
"name": "CVE-2009-2347",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
},
{
"name": "CVE-2014-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
},
{
"name": "CVE-2016-1000343",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
},
{
"name": "CVE-2015-1782",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
},
{
"name": "CVE-2017-13098",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
},
{
"name": "CVE-2019-11132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
},
{
"name": "CVE-2014-7825",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
},
{
"name": "CVE-2016-6136",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
},
{
"name": "CVE-2020-1646",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
},
{
"name": "CVE-2019-11086",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
},
{
"name": "CVE-2017-7895",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
},
{
"name": "CVE-2012-1173",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
},
{
"name": "CVE-2012-2088",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
},
{
"name": "CVE-2014-9938",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
},
{
"name": "CVE-2015-1158",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
},
{
"name": "CVE-2020-1651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
},
{
"name": "CVE-2010-2067",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
},
{
"name": "CVE-2019-11106",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
},
{
"name": "CVE-2016-1000346",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
},
{
"name": "CVE-2016-3945",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2020-1645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
},
{
"name": "CVE-2016-1000345",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
},
{
"name": "CVE-2020-1640",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
},
{
"name": "CVE-2013-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
},
{
"name": "CVE-2016-3705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
},
{
"name": "CVE-2020-1643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2015-7940",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
},
{
"name": "CVE-2017-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
},
{
"name": "CVE-2012-5581",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
},
{
"name": "CVE-2016-1000338",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
},
{
"name": "CVE-2014-3690",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
},
{
"name": "CVE-2018-1000613",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
},
{
"name": "CVE-2017-12588",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
},
{
"name": "CVE-2016-0787",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-9555",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
},
{
"name": "CVE-2013-1624",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
},
{
"name": "CVE-2016-3990",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
},
{
"name": "CVE-2019-0168",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
},
{
"name": "CVE-2018-1000021",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
},
{
"name": "CVE-2019-11103",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
},
{
"name": "CVE-2014-9679",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
},
{
"name": "CVE-2020-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
},
{
"name": "CVE-2019-11107",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
},
{
"name": "CVE-2020-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2009-5022",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
},
{
"name": "CVE-2016-1835",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
},
{
"name": "CVE-2019-3856",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
},
{
"name": "CVE-2020-1650",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
},
{
"name": "CVE-2016-1000342",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
},
{
"name": "CVE-2019-3863",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2019-11110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2016-1000339",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
},
{
"name": "CVE-2008-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
},
{
"name": "CVE-2017-9935",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2018-5382",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
},
{
"name": "CVE-2014-9584",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
},
{
"name": "CVE-2019-11102",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
},
{
"name": "CVE-2019-3862",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
},
{
"name": "CVE-2019-11088",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
},
{
"name": "CVE-2019-11105",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
},
{
"name": "CVE-2016-5616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
},
{
"name": "CVE-2015-1421",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
},
{
"name": "CVE-2014-9529",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
},
{
"name": "CVE-2020-1654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
},
{
"name": "CVE-2013-1961",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
},
{
"name": "CVE-2015-7082",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
},
{
"name": "CVE-2006-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
},
{
"name": "CVE-2014-8171",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
},
{
"name": "CVE-2006-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
},
{
"name": "CVE-2019-11101",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2018-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
},
{
"name": "CVE-2013-4232",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
},
{
"name": "CVE-2013-4243",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2011-3200",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2017-15298",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
},
{
"name": "CVE-2014-8884",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
},
{
"name": "CVE-2015-1159",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2019-11131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
},
{
"name": "CVE-2020-1641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
},
{
"name": "CVE-2019-11090",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
},
{
"name": "CVE-2013-4758",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2019-0131",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
},
{
"name": "CVE-2019-11109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
},
{
"name": "CVE-2016-5314",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1000352",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
},
{
"name": "CVE-2010-2065",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
},
{
"name": "CVE-2019-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
},
{
"name": "CVE-2010-1411",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
},
{
"name": "CVE-2016-3632",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
},
{
"name": "CVE-2019-3855",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
},
{
"name": "CVE-2015-7547",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
},
{
"name": "CVE-2020-1649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
},
{
"name": "CVE-2019-3857",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
},
{
"name": "CVE-2012-4564",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
},
{
"name": "CVE-2012-2113",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
},
{
"name": "CVE-2019-11104",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
},
{
"name": "CVE-2019-11087",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
},
{
"name": "CVE-2016-1000344",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
},
{
"name": "CVE-2019-11108",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
},
{
"name": "CVE-2014-3215",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
},
{
"name": "CVE-2018-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
},
{
"name": "CVE-2016-6663",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
},
{
"name": "CVE-2018-19486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
},
{
"name": "CVE-2015-7545",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-11100",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
},
{
"name": "CVE-2018-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
},
{
"name": "CVE-2018-1000180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
},
{
"name": "CVE-2019-0165",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
},
{
"name": "CVE-2020-1644",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
},
{
"name": "CVE-2019-11147",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
},
{
"name": "CVE-2012-3401",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
},
{
"name": "CVE-2019-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
},
{
"name": "CVE-2014-3683",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
}
],
"initial_release_date": "2020-07-09T00:00:00",
"last_revision_date": "2020-07-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-420",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
FKIE_CVE-2013-1960
Vulnerability from fkie_nvd - Published: 2013-07-03 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2014-0223.html | ||
| secalert@redhat.com | http://seclists.org/oss-sec/2013/q2/254 | ||
| secalert@redhat.com | http://secunia.com/advisories/53237 | Vendor Advisory | |
| secalert@redhat.com | http://secunia.com/advisories/53765 | Vendor Advisory | |
| secalert@redhat.com | http://www.debian.org/security/2013/dsa-2698 | ||
| secalert@redhat.com | http://www.securityfocus.com/bid/59609 | ||
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=952158 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2014-0223.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2013/q2/254 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53237 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/53765 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2698 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/59609 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=952158 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| remotesensing | libtiff | * | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.4 | |
| remotesensing | libtiff | 3.5.1 | |
| remotesensing | libtiff | 3.5.2 | |
| remotesensing | libtiff | 3.5.3 | |
| remotesensing | libtiff | 3.5.4 | |
| remotesensing | libtiff | 3.5.5 | |
| remotesensing | libtiff | 3.5.6 | |
| remotesensing | libtiff | 3.5.6 | |
| remotesensing | libtiff | 3.5.7 | |
| remotesensing | libtiff | 3.5.7 | |
| remotesensing | libtiff | 3.5.7 | |
| remotesensing | libtiff | 3.5.7 | |
| remotesensing | libtiff | 3.5.7 | |
| remotesensing | libtiff | 3.5.7 | |
| remotesensing | libtiff | 3.6.0 | |
| remotesensing | libtiff | 3.6.0 | |
| remotesensing | libtiff | 3.6.0 | |
| remotesensing | libtiff | 3.6.1 | |
| remotesensing | libtiff | 3.7.0 | |
| remotesensing | libtiff | 3.7.0 | |
| remotesensing | libtiff | 3.7.0 | |
| remotesensing | libtiff | 3.7.0 | |
| remotesensing | libtiff | 3.7.1 | |
| remotesensing | libtiff | 3.7.2 | |
| remotesensing | libtiff | 3.7.3 | |
| remotesensing | libtiff | 3.7.4 | |
| remotesensing | libtiff | 3.8.0 | |
| remotesensing | libtiff | 3.8.1 | |
| remotesensing | libtiff | 3.8.2 | |
| remotesensing | libtiff | 3.9.0 | |
| remotesensing | libtiff | 3.9.0 | |
| remotesensing | libtiff | 3.9.1 | |
| remotesensing | libtiff | 3.9.2 | |
| remotesensing | libtiff | 3.9.3 | |
| remotesensing | libtiff | 3.9.4 | |
| remotesensing | libtiff | 4.0.0 | |
| remotesensing | libtiff | 4.0.1 | |
| remotesensing | libtiff | 4.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D16E1B-E475-499D-B83E-417C63AA95B2",
"versionEndIncluding": "4.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA8C11D-B75A-4CE0-87EE-85A8716F8D5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta18:*:*:*:*:*:*",
"matchCriteriaId": "154B3C86-8DFA-4639-92A8-37CF4E150A4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta24:*:*:*:*:*:*",
"matchCriteriaId": "F2919A65-4BC7-43EF-9696-073B654CA6D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta28:*:*:*:*:*:*",
"matchCriteriaId": "D84D199C-760A-4109-848B-80A0D06B08E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta29:*:*:*:*:*:*",
"matchCriteriaId": "355B9406-812F-4A23-8239-B0308E4C9EEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta31:*:*:*:*:*:*",
"matchCriteriaId": "D7088774-6488-47DE-9A0D-0942E9684606",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta32:*:*:*:*:*:*",
"matchCriteriaId": "6761020B-DBEE-46E7-9082-7C6D52470A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta34:*:*:*:*:*:*",
"matchCriteriaId": "43B37319-59F9-4032-91FE-660B7C225817",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta35:*:*:*:*:*:*",
"matchCriteriaId": "8254567D-B9AE-4137-9306-A60CF5FA6D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta36:*:*:*:*:*:*",
"matchCriteriaId": "B65B2DF2-7EC1-4069-B653-2AE648FD8407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.4:beta37:*:*:*:*:*:*",
"matchCriteriaId": "6F4AF76B-7E21-4C42-B555-E3134B277597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6C6E6D-F589-4389-AF9D-53A632C39CAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F5E1A2CE-2DF3-4AA7-BE5D-7C1730DC3D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB53B93B-ADAD-49FE-A75F-199C6DCDF958",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6FBA7F24-8310-4EB2-A145-30112B43331A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B52C600F-28E5-480B-8C17-1993F8732650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "57288CDE-81DD-4F96-B46F-E53806B18B83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.6:beta:*:*:*:*:*:*",
"matchCriteriaId": "AC74987D-3529-4DF5-B96B-BD63BB47BDCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3EED455F-7401-4A66-A7CF-C1AC4E25EE16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha:*:*:*:*:*:*",
"matchCriteriaId": "AB3E152B-1934-4BF8-A78F-B654C0130CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "49E334FB-87F9-41D8-89F2-197510930696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "0E09F331-3EE3-4B5C-89C7-8FA0058022BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "61B9878F-CC7F-4A3D-8651-708639D19C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.5.7:beta:*:*:*:*:*:*",
"matchCriteriaId": "6F9BF335-408C-4137-B1EC-CE563A16BE6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E0BF6D3B-FF14-483E-9DF8-C1F62276F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.6.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "884C01F8-18E6-41B8-88B3-79C8F5F53BB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "B81A4EB1-213A-4CC4-9D21-5D378A9F5572",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB5FECF3-7A90-4955-B3F7-FE6429135DD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3BDD677E-830C-45BC-8546-CB9A433C30E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "D2B9B15F-8872-4713-B84B-D3C994F21E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "85109933-0659-4D74-ABBF-1C9C0C555B0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "FC604F1F-F07A-4714-8C81-E79E6F39251F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "316CFA11-E612-4F33-A9A6-761C433E6FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5A2F50-C3BA-4F20-896E-465C6A98D2BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E4169C6B-7781-4F00-A48E-EA76BC953355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F192522-4911-4AF0-85D3-AD8E4F162266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEADAF-014E-47C7-8B4C-0335346A94C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA630FB3-3706-4124-BC30-0C0B9826C567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1AF04A35-8DBC-4B7F-BFBE-75B0553735E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F60D11C-50CB-494E-B867-71E978024266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.9.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "2A4F6210-DE72-49C3-9C2C-B4CE4CEC084F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CEA259-BDC6-4FED-B2D9-7E1874472507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FED8341C-8FD6-41EC-AFA0-70615D3D7355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "621D64C7-BE76-4C97-B41D-72DBE84E9258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:3.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77910683-0ED1-4A69-B65E-26ED70A8BD5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A50B8102-17E2-4D26-801B-F35A66B645F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE79A89-E6BE-40AD-BA70-C7CD12079E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:remotesensing:libtiff:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0FC5012-4773-4C30-A5D6-CFF2A4A323C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n tp_process_jpeg_strip en tiff2pdf en libtiff 4.0.3 y anteriores, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente la ejecuci\u00f3n arbitraria de c\u00f3digo a trav\u00e9s de una imagen TIFF manipulada."
}
],
"id": "CVE-2013-1960",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-03T18:55:00.870",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53237"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53765"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2698"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/59609"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53237"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2698"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/59609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2013-1960
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2013-1960",
"description": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.",
"id": "GSD-2013-1960",
"references": [
"https://www.suse.com/security/cve/CVE-2013-1960.html",
"https://www.debian.org/security/2013/dsa-2698",
"https://access.redhat.com/errata/RHSA-2014:0223",
"https://access.redhat.com/errata/RHSA-2014:0222",
"https://alas.aws.amazon.com/cve/html/CVE-2013-1960.html",
"https://linux.oracle.com/cve/CVE-2013-1960.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-1960"
],
"details": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.",
"id": "GSD-2013-1960",
"modified": "2023-12-13T01:22:20.399327Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"name": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2014-0223.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"name": "http://seclists.org/oss-sec/2013/q2/254",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"name": "http://secunia.com/advisories/53237",
"refsource": "MISC",
"url": "http://secunia.com/advisories/53237"
},
{
"name": "http://secunia.com/advisories/53765",
"refsource": "MISC",
"url": "http://secunia.com/advisories/53765"
},
{
"name": "http://www.debian.org/security/2013/dsa-2698",
"refsource": "MISC",
"url": "http://www.debian.org/security/2013/dsa-2698"
},
{
"name": "http://www.securityfocus.com/bid/59609",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/59609"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952158",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.9.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta18:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:4.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta34:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta31:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.6:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta35:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta28:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta36:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.6.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.6.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:4.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta32:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.0:alpha:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta37:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.7:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta29:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.4:beta24:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:remotesensing:libtiff:3.5.7:alpha3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1960"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0922",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"name": "53237",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53237"
},
{
"name": "[oss-security] 20130502 Fwd: Two libtiff (tiff2pdf flaws)",
"refsource": "MLIST",
"tags": [],
"url": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"name": "openSUSE-SU-2013:0944",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"name": "53765",
"refsource": "SECUNIA",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/53765"
},
{
"name": "DSA-2698",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2013/dsa-2698"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952158",
"refsource": "CONFIRM",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
},
{
"name": "FEDORA-2013-7369",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"name": "FEDORA-2013-7339",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
},
{
"name": "FEDORA-2013-7361",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"name": "RHSA-2014:0223",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"name": "59609",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/59609"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-02-13T04:42Z",
"publishedDate": "2013-07-03T18:55Z"
}
}
}
GHSA-VQHX-4GWH-XX5Q
Vulnerability from github – Published: 2022-05-17 03:23 – Updated: 2022-05-17 03:23
VLAI?
Details
Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.
{
"affected": [],
"aliases": [
"CVE-2013-1960"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-07-03T18:55:00Z",
"severity": "HIGH"
},
"details": "Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.",
"id": "GHSA-vqhx-4gwh-xx5q",
"modified": "2022-05-17T03:23:25Z",
"published": "2022-05-17T03:23:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1960"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0222"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0223"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2013-1960"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952158"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104916.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105253.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105828.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00058.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00080.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0223.html"
},
{
"type": "WEB",
"url": "http://seclists.org/oss-sec/2013/q2/254"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/53237"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/53765"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2698"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/59609"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…