CVE-2004-1307

Severity

75%

Complexity

99%

Confidentiality

106%

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 20 years ago

2004-12-21 05:00:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

Avaya Integrated Management

Avaya Interactive Response

Avaya Interactive Response 1.2.1

1.2.1

Avaya Interactive Response 1.3

1.3

Avaya Intuity LX

LibTIFF 3.4

3.4

LibTIFF 3.5.1

3.5.1

LibTIFF 3.5.2

3.5.2

LibTIFF 3.5.3

3.5.3

LibTIFF 3.5.4

3.5.4

LibTIFF 3.5.5

3.5.5

LibTIFF 3.5.7

3.5.7

LibTIFF 3.6.0

3.6.0

LibTIFF 3.6.1

3.6.1

LibTIFF 3.7.0

3.7.0

SGI ProPack 3.0

3.0

Conectiva Linux 9.0

9.0

Conectiva Linux 10.0

10.0

Avaya MN100

Apple Mac OS X 10.3

10.3

Apple Mac OS X 10.3.1

10.3.1

Apple Mac OS X 10.3.2

10.3.2

Apple Mac OS X 10.3.3

10.3.3

Apple Mac OS X 10.3.4

10.3.4

Apple Mac OS X 10.3.5

10.3.5

Apple Mac OS X 10.3.6

10.3.6

Apple Mac OS X 10.3.7

10.3.7

Apple Mac OS X 10.3.8

10.3.8

Apple Mac OS X 10.3.9

10.3.9

Apple Mac OS X Server 10.3

10.3

Apple Mac OS X Server 10.3.1

10.3.1

Apple Mac OS X Server 10.3.2

10.3.2

Apple Mac OS X Server 10.3.3

10.3.3

Apple Mac OS X Server 10.3.4

10.3.4

Apple Mac OS X Server 10.3.5

10.3.5

Apple Mac OS X Server 10.3.6

10.3.6

Apple Mac OS X Server 10.3.7

10.3.7

Apple Mac OS X Server 10.3.8

10.3.8

Apple Mac OS X Server 10.3.9

10.3.9

Gentoo Linux

MandrakeSoft Mandrake Linux 10.0

10.0

MandrakeSoft Mandrake Linux 10.1

10.1

MandrakeSoft Mandrake Corporate Server 3.0

3.0

Sun Microsystems Solaris 7

5.7

Sun SunOS (Solaris 8) 5.8

5.8

References

APPLE-SA-2005-05-03

Patch, Vendor Advisory

101677

201072

20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability

Patch, Vendor Advisory

VU#539110

Patch, Third Party Advisory, US Government Resource

TA05-136A

US Government Resource

oval:org.mitre.oval:def:11175

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.