CVE-2013-1960

Upstream information

CVE-2013-1960 at MITRE

Description

Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	9.33
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

SUSE Bugzilla entries: 817573 [RESOLVED / FIXED], 854393 [NEEDINFO]

SUSE Security Advisories:

SUSE-SU-2013:0795-1, published Wed May 15 14:04:29 MDT 2013
SUSE-SU-2013:1639-1, published Thu Nov 7 09:04:17 MST 2013
openSUSE-SU-2013:0812-1, published Tue, 21 May 2013 16:04:19 +0200 (CEST)
openSUSE-SU-2013:0812-2, published Tue, 21 May 2013 17:04:25 +0200 (CEST)
openSUSE-SU-2013:0922-1, published Mon, 10 Jun 2013 17:20:01 +0200 (CEST)
openSUSE-SU-2013:0944-1, published Mon, 10 Jun 2013 18:13:01 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 11 SP2	`libtiff3 >= 3.8.2-141.152.1` `libtiff3-32bit >= 3.8.2-141.152.1`	Patchnames: sledsp2-libtiff-devel
SUSE Linux Enterprise Server 11 SP2	`libtiff3 >= 3.8.2-141.152.1` `libtiff3-32bit >= 3.8.2-141.152.1` `libtiff3-x86 >= 3.8.2-141.154.1` `tiff >= 3.8.2-141.152.1`	Patchnames: slessp2-libtiff-devel
SUSE Linux Enterprise Server for VMWare 11 SP2	`libtiff3 >= 3.8.2-141.152.1` `libtiff3-32bit >= 3.8.2-141.152.1` `libtiff3-x86 >= 3.8.2-141.154.1` `tiff >= 3.8.2-141.152.1`	Patchnames: slessp2-libtiff-devel
SUSE Linux Enterprise Software Development Kit 11 SP2	`libtiff-devel >= 3.8.2-141.152.1` `libtiff-devel-32bit >= 3.8.2-141.152.1`	Patchnames: sdksp2-libtiff-devel
SUSE Linux Enterprise Desktop 10 SP4 for x86 SUSE Linux Enterprise Server 10 SP4 for x86	`libtiff >= 3.8.2-5.34.1` `libtiff-devel >= 3.8.2-5.34.1` `tiff >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T	`libtiff >= 3.8.2-5.34.1` `libtiff-32bit >= 3.8.2-5.34.1` `libtiff-devel >= 3.8.2-5.34.1` `tiff >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for x86	`libtiff-devel >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries	`libtiff-devel >= 3.8.2-5.34.1` `libtiff-devel-64bit >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SLE SDK 10 SP4 for IBM zSeries SLE SDK 10 SP4 for X86-64	`libtiff-devel >= 3.8.2-5.34.1` `libtiff-devel-32bit >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SUSE Linux Enterprise Server 10 SP4 for IPF	`libtiff >= 3.8.2-5.34.1` `libtiff-devel >= 3.8.2-5.34.1` `libtiff-x86 >= 3.8.2-5.34.1` `tiff >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SUSE Linux Enterprise Server 10 SP4 for IBM POWER	`libtiff >= 3.8.2-5.34.1` `libtiff-64bit >= 3.8.2-5.34.1` `libtiff-devel >= 3.8.2-5.34.1` `libtiff-devel-64bit >= 3.8.2-5.34.1` `tiff >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SUSE Linux Enterprise Server 10 SP4 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP4 for IBM zSeries 64bit	`libtiff >= 3.8.2-5.34.1` `libtiff-32bit >= 3.8.2-5.34.1` `libtiff-devel >= 3.8.2-5.34.1` `libtiff-devel-32bit >= 3.8.2-5.34.1` `tiff >= 3.8.2-5.34.1`	Builds ZYPP Patch Nr: 8564
SUSE Linux Enterprise Software Development Kit 11 SP2	`libtiff-devel >= 3.8.2-141.152.1`	Builds SAT Patch Nr: 7707
SUSE Linux Enterprise Software Development Kit 11 SP2	`libtiff-devel >= 3.8.2-141.152.1` `libtiff-devel-32bit >= 3.8.2-141.152.1`	Builds SAT Patch Nr: 7707
SUSE Linux Enterprise Desktop 11 SP2	`libtiff3 >= 3.8.2-141.152.1`	Builds SAT Patch Nr: 7707
SUSE Linux Enterprise Desktop 11 SP2	`libtiff3 >= 3.8.2-141.152.1` `libtiff3-32bit >= 3.8.2-141.152.1`	Builds SAT Patch Nr: 7707
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`libtiff3 >= 3.8.2-141.152.1` `tiff >= 3.8.2-141.152.1`	Builds SAT Patch Nr: 7707
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware	`libtiff3 >= 3.8.2-141.152.1` `libtiff3-32bit >= 3.8.2-141.152.1` `tiff >= 3.8.2-141.152.1`	Builds SAT Patch Nr: 7707
SUSE Linux Enterprise Server 11 SP2	`libtiff3 >= 3.8.2-141.152.1` `libtiff3-x86 >= 3.8.2-141.152.1` `tiff >= 3.8.2-141.152.1`	Builds SAT Patch Nr: 7707
SUSE Linux Enterprise Server 10 SP3 LTSS for x86	`libtiff >= 3.8.2-5.36.1` `libtiff-devel >= 3.8.2-5.36.1` `tiff >= 3.8.2-5.36.1`	Builds ZYPP Patch Nr: 8721
SUSE Linux Enterprise Server 10 SP3 LTSS for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP3 LTSS for IBM zSeries 64bit	`libtiff >= 3.8.2-5.36.1` `libtiff-32bit >= 3.8.2-5.36.1` `libtiff-devel >= 3.8.2-5.36.1` `libtiff-devel-32bit >= 3.8.2-5.36.1` `tiff >= 3.8.2-5.36.1`	Builds ZYPP Patch Nr: 8721
openSUSE 12.3	`libtiff-devel >= 4.0.3-2.4.1` `libtiff-devel-32bit >= 4.0.3-2.4.1` `libtiff5 >= 4.0.3-2.4.1` `libtiff5-32bit >= 4.0.3-2.4.1` `libtiff5-debuginfo >= 4.0.3-2.4.1` `libtiff5-debuginfo-32bit >= 4.0.3-2.4.1` `tiff >= 4.0.3-2.4.1` `tiff-debuginfo >= 4.0.3-2.4.1` `tiff-debugsource >= 4.0.3-2.4.1`	Patchnames: openSUSE-2013-431
openSUSE Evergreen 11.4	`libtiff-devel >= 3.9.4-38.1` `libtiff-devel-32bit >= 3.9.4-38.1` `libtiff3 >= 3.9.4-38.1` `libtiff3-32bit >= 3.9.4-38.1` `libtiff3-debuginfo >= 3.9.4-38.1` `libtiff3-debuginfo-32bit >= 3.9.4-38.1` `libtiff3-debuginfo-x86 >= 3.9.4-38.1` `libtiff3-x86 >= 3.9.4-38.1` `tiff >= 3.9.4-38.1` `tiff-debuginfo >= 3.9.4-38.1` `tiff-debugsource >= 3.9.4-38.1`	Patchnames: 2013-81

CVE-2013-1960

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

Services