VYPR
Unrated severity · NVD Advisory · Published Sep 10, 2013 · Updated Apr 29, 2026

CVE-2013-4232

Description

Use-after-free vulnerability in the t2p_readwrite_pdf_image function in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted TIFF image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5

Patches

Vulnerability mechanics

Root cause

"Use-after-free in t2p_readwrite_pdf_image when processing crafted TIFF raster image data."

Attack vector

An attacker can trigger the use-after-free by crafting a malicious TIFF image and convincing a victim to process it with the tiff2pdf tool. The crafted raster data causes the `t2p_readwrite_pdf_image` function to access freed memory, leading to a crash or potentially arbitrary code execution [ref_id=1]. No authentication or special network access is required beyond delivering the file.

Affected code

The vulnerability resides in the `t2p_readwrite_pdf_image` function in `tools/tiff2pdf.c` of libtiff 4.0.3. The flaw is a use-after-free that occurs when the tiff2pdf tool reads TIFF file raster image data and writes them to the output PDF XObject's image dictionary stream [ref_id=1].

What the fix does

The advisory does not include a published patch. The recommended remediation is to update libtiff to a version that corrects the use-after-free in `t2p_readwrite_pdf_image`. Without a patch diff, the exact fix cannot be described, but the vulnerability is resolved by ensuring proper memory management when processing TIFF raster data for PDF output [ref_id=1].

Preconditions

  • Input: The victim must process a crafted TIFF file using the tiff2pdf tool.

Generated on Jun 24, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

8
