CVE Vulnerabilities

CVE-2004-1308

Published: Jan 10, 2005 | Modified: Oct 11, 2017
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 10 HIGH (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.

Affected Software

Name                          Vendor    Start Version              End Version
Libtiff                       Libtiff   3.4                        3.4
Libtiff                       Libtiff   3.5.1                      3.5.1
Libtiff                       Libtiff   3.5.2                      3.5.2
Libtiff                       Libtiff   3.5.3                      3.5.3
Libtiff                       Libtiff   3.5.4                      3.5.4
Libtiff                       Libtiff   3.5.5                      3.5.5
Libtiff                       Libtiff   3.5.7                      3.5.7
Libtiff                       Libtiff   3.6.0                      3.6.0
Libtiff                       Libtiff   3.6.1                      3.6.1
Libtiff                       Libtiff   3.7.0                      3.7.0
Red Hat Enterprise Linux 3    RedHat    libtiff-0:3.5.7-22.el3     *
Red Hat Enterprise Linux 3    RedHat    kdegraphics-7:3.1.3-3.7    *
Red Hat Enterprise Linux 4    RedHat    libtiff-0:3.6.1-8          *
Tiff                          Ubuntu    dapper                     *
Tiff                          Ubuntu    devel                      *
Tiff                          Ubuntu    edgy                       *
Tiff                          Ubuntu    feisty                     *

References