Updated libtiff package fixes security vulnerability
Publication date: 24 Sep 2013Modification date: 24 Sep 2013
Type: security
Affected Mageia releases : 2 , 3
CVE: CVE-2013-4243
Description
A possible heap-based buffer overflow flaw was found in the readgifimage function in gif2tiff, a tool to convert GIF images to TIFF. A remote attacker could provide a specially-crafted GIF file that, when processed by gif2tiff, would cause gif2tiff to crash or, potentially, execute arbitrary code with the privileges of the user running gif2tiff (CVE-2013-4243).
References
SRPMS
3/core
- libtiff-4.0.3-4.3.mga3
2/core
- libtiff-4.0.1-2.9.mga2