CVE Vulnerabilities

CVE-2004-1307

Published: Dec 21, 2004 | Modified: Oct 30, 2018
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 7.5 HIGH
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
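The arithmetic behind the description above, as an added example that is not libtiff source code: a strip count taken from the file is multiplied by an entry size in 32-bit arithmetic, the product wraps to zero, and the defensive form rejects the count before allocating. The function names, the 4-byte entry size and the 32-bit size type are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: each strip entry is 4 bytes and sizes are computed in 32 bits. */
#define ENTRY_SIZE 4u

/* Unchecked pattern: the product silently wraps modulo 2^32. */
static uint32_t strip_bytes_unchecked(uint32_t nstrips)
{
    return nstrips * ENTRY_SIZE;
}

/* Checked pattern: 0 on success, -1 if the count is zero or would overflow. */
static int strip_bytes_checked(uint32_t nstrips, uint32_t *out)
{
    if (nstrips == 0 || nstrips > UINT32_MAX / ENTRY_SIZE)
        return -1;
    *out = nstrips * ENTRY_SIZE;
    return 0;
}

/* Hardened allocator (hypothetical helper): refuses unrepresentable sizes. */
static uint32_t *alloc_strip_array(uint32_t nstrips)
{
    uint32_t bytes;
    if (strip_bytes_checked(nstrips, &bytes) != 0)
        return NULL;
    return calloc(nstrips, ENTRY_SIZE);
}

int main(void)
{
    /* Constructed sample counts; the last two exceed UINT32_MAX / 4. */
    const uint32_t samples[] = { 16u, 0x3FFFFFFFu, 0x40000000u, 0x40000001u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t bytes = 0;
        int rc = strip_bytes_checked(samples[i], &bytes);
        printf("nstrips=0x%08x unchecked=%u checked=%s\n",
               (unsigned)samples[i],
               (unsigned)strip_bytes_unchecked(samples[i]),
               rc == 0 ? "ok" : "rejected");
    }
    uint32_t *small = alloc_strip_array(16u);  /* a sane count still works */
    printf("alloc(16) %s\n", small ? "succeeded" : "failed");
    free(small);
    return 0;
}
```

The same guard applies wherever a file-supplied element count feeds an allocation size: validate the count against the maximum representable size before multiplying, and treat a zero-length result as an error rather than a valid buffer.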

Affected Software

Name                           Vendor     Start Version  End Version
Interactive_response           Avaya      1.2.1          1.2.1
Libtiff                        Libtiff    3.6.1          3.6.1
Linux                          Conectiva  9.0            9.0
Propack                        Sgi        3.0            3.0
Call_management_system_server  Avaya      8.0            8.0
Icontrol_service_manager       F5         1.3.5          1.3.5
Integrated_management          Avaya      *              *
Interactive_response           Avaya      1.3            1.3
Call_management_system_server  Avaya      13.0           13.0
Libtiff                        Libtiff    3.4            3.4
Icontrol_service_manager       F5         1.3.4          1.3.4
Libtiff                        Libtiff    3.5.7          3.5.7
Libtiff                        Libtiff    3.7.0          3.7.0
Intuity_audix_lx               Avaya      *              *
Libtiff                        Libtiff    3.6.0          3.6.0
Libtiff                        Libtiff    3.5.3          3.5.3
Libtiff                        Libtiff    3.5.4          3.5.4
Libtiff                        Libtiff    3.5.2          3.5.2
Call_management_system_server  Avaya      9.0            9.0
Cvlan                          Avaya      *              *
Interactive_response           Avaya      *              *
Libtiff                        Libtiff    3.5.5          3.5.5
Linux                          Conectiva  10.0           10.0
Libtiff                        Libtiff    3.5.1          3.5.1
Call_management_system_server  Avaya      11.0           11.0
Icontrol_service_manager       F5         1.3.6          1.3.6
Icontrol_service_manager       F5         1.3            1.3
Call_management_system_server  Avaya      12.0           12.0

References