[Secure-testing-team] Bug#719305: tiff3: CVE-2013-4231 CVE-2013-4232
Salvatore Bonaccorso
carnil at debian.org
Sat Aug 10 13:34:33 UTC 2013
Package: tiff3
Severity: important
Tags: security upstream
Hi,
the following vulnerabilities were published for tiff3.
CVE-2013-4231[0]:
Stack-based buffer overflow
CVE-2013-4232[1]:
use after free
These where found by Pedro Ribeiro[2] and are found all in the tools
part and apply also to tiff3.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4231
[1] http://security-tracker.debian.org/tracker/CVE-2013-4232
[2] http://www.asmail.be/msg0055359936.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list