Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:539110
HistoryJan 20, 2005 - 12:00 a.m.

LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine

2005-01-2000:00:00
www.kb.cert.org
16

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.129 Low

EPSS

Percentile

95.4%

JSON

Overview

An integer overflow in LibTIFF may allow a remote attacker to execute arbitrary code.

Description

LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). An integer overflow in the TIFFFetchStripThing() routine within the tif_dirread.c file may allow an attacker to cause a heap-based buffer overflow. A lack of input validation on user-controlled data concerning the size of an TIFF image may allow a remote attacker to manipulate a call to malloc() to create a buffer with insufficient size. When data is copied to this under-sized buffer, a heap-based buffer overflow may occur.

Note that in order to exploit this vulnerability, an attacker must craft a TIFF image with the STRIPOFFSETS flag set.

This vulnerability is believed to related to the integer overflows described in VU#687568.

Impact

If a remote attacker can persuade a user to access a specially crafted TIFF image, that attacker may be able to execute arbitrary code with the privileges of that user.

Solution

Upgrade

This issue has been corrected in LibTIFF versions 3.7.0.

Workarounds

Do Not Accept TIFF Files from Unknown or Untrusted Sources

Exploitation occurs by accessing a specially crafted TIFF file (typically .tiff or .tif extension). By only accessing TIFF files from trusted or known sources, the chances of exploitation are reduced.

Vendor Information

539110

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer Inc. __ Affected

Notified: January 21, 2005 Updated: May 05, 2005

Status

Affected

Vendor Statement

This is addressed in Security Update 2005-005. Further information is available at:

<http://docs.info.apple.com/article.html?artnum=301528&gt;.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Red Hat Inc. __ Affected

Notified: January 21, 2005 Updated: August 23, 2005

Status

Affected

Vendor Statement

This flaw was fixed as part of the update for CVE name CAN-2004-0886. Updates are available for Red Hat Enterprise Linux 3 and 2.1 to correct this issue. New libtiff packages along with our advisory are available at the URL below and by using the Red Hat Network ‘up2date’ tool.

<http://rhn.redhat.com/errata/RHSA-2004-577.html&gt;

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Sun Microsystems Inc. __ Affected

Notified: January 21, 2005 Updated: February 02, 2005

Status

Affected

Vendor Statement

Sun is affected by this libtiff vulnerability (CERT VU#539110) which corresponds to CVE CAN-2004-1307 and is also affected by the following libtiff vulnerabilities: CAN-2004-1308 (CERT VU#125598), CAN-2004-0803, CAN-2004-0804, and CAN-2004-0886. The following libraries in Solaris are affected:

Solaris 7, 8, 9 - OpenWindows
/usr/openwin/lib/libtiff.so.3

Solaris 9 - Sun Freeware
/usr/sfw/lib/libtiff.so.3
The libtiff.so library in the Sun Java Desktop System (JDS) is affected by this issue in JDS release 2003 and JDS release 2.

Sun is generating patches to update libtiff to v3.7.1 for the above affected libraries and will be publishing Sun Alerts for these libtiff vulnerabilities shortly.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Conectiva __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Cray Inc. __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Debian __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

EMC Corporation __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Engarde __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

F5 Networks __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

FreeBSD __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Fujitsu __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Hewlett-Packard Company __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Hitachi __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

IBM __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

IBM eServer __ Unknown

Notified: January 21, 2005 Updated: February 02, 2005

Status

Unknown

Vendor Statement

For information related to this and other published CERT Advisories that may relate to the IBM eServer Platforms (xSeries, iSeries, pSeries, and zSeries) please go to

https://app-06.www.ibm.com/servers/resourcelink/lib03020.nsf/pages/securityalerts?OpenDocument&pathID=
In order to access this information you will require a Resource Link ID.To subscribe to Resource Link go to

<http://app-06.www.ibm.com/servers/resourcelink&gt;
and follow the steps for registration.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

IBM-zSeries __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Immunix __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Ingrian Networks __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Juniper Networks __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

MandrakeSoft __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Microsoft Corporation __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

MontaVista Software __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

NEC Corporation __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

NetBSD __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Nokia __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Novell __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

OpenBSD __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Openwall GNU/*/Linux __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

SCO Linux __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

SCO Unix __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

SGI __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Sequent __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Sony Corporation __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

SuSE Inc. __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

TurboLinux __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Unisys __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

Wind River Systems Inc. __ Unknown

Notified: January 21, 2005 Updated: January 24, 2005

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

US-CERT has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23539110 Feedback>).

View all 37 vendors __View less vendors __

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

Acknowledgements

This vulnerability was reported by iDefense Security.iDefense credits infamous41md with discovering this vulnerability.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2004-1307
Severity Metric: 5.04 Date Public:

Related

openvas 33
centos 3
nessus 34
redhat 5
slackware 1
cert 4
gentoo 4
securityvulns 6
debian 4
osv 2
suse 3
ubuntucve 5
cve 6
freebsd 4
debiancve 6
ubuntu 1
openvas
openvas
Solaris Update for sdtimage 109932-10
2009-06-03 00:00:00
Solaris Update for CDE 1.5 114219-11
2009-06-03 00:00:00
Solaris Update for CDE 1.4 109931-10
2009-06-03 00:00:00
centos
centos
kdegraphics security update
2005-04-12 23:05:10
kdegraphics security update
2005-04-12 16:01:20
tetex security update
2005-04-01 21:29:55
nessus
nessus
CentOS 3 : kdegraphics (CESA-2005:021)
2006-07-03 00:00:00
RHEL 2.1 / 3 : kdegraphics (RHSA-2005:021)
2005-04-12 00:00:00
RHEL 2.1 / 3 : libtiff (RHSA-2004:577)
2004-11-04 00:00:00
redhat
redhat
(RHSA-2005:021) kdegraphics security update
2005-04-12 00:00:00
(RHSA-2004:577) libtiff security update
2004-10-22 00:00:00
(RHSA-2005:354) tetex security update
2005-04-01 00:00:00
slackware
slackware
[slackware-security] libtiff
2004-11-01 08:00:50
cert
cert
LibTIFF contains multiple heap-based buffer overflows
2004-12-01 00:00:00
LibTIFF contains multiple integer overflows
2004-12-01 00:00:00
LibTIFF vulnerable to denial-of-service condition
2004-12-01 00:00:00
gentoo
gentoo
kfax: Multiple overflows in the included TIFF library
2004-12-19 00:00:00
PDFlib: Multiple overflows in the included TIFF library
2004-12-05 00:00:00
tiff: Buffer overflows in image decoding
2004-10-13 00:00:00
securityvulns
securityvulns
KDE Security Advisory: kfax libtiff vulnerabilities
2004-12-10 00:00:00
[Full-Disclosure] [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library
2004-12-06 00:00:00
MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities
2004-10-22 00:00:00
debian
debian
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 17:51:16
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 17:51:16
[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution
2004-12-24 14:15:44
osv
osv
tiff - heap overflows
2004-10-15 00:00:00
libtiff - insufficient input validation
2004-12-24 00:00:00
suse
suse
remote denial of service in kernel
2004-10-21 07:52:50
local privilege escalation in libtiff
2004-10-22 14:52:41
remote system compromise in libtiff/tiff
2005-01-10 10:35:29
ubuntucve
ubuntucve
CVE-2004-0886
2005-01-27 00:00:00
CVE-2004-1308
2005-01-10 00:00:00
CVE-2004-0803
2004-12-23 00:00:00
cve
cve
CVE-2004-0886
2005-01-27 05:00:00
CVE-2004-1308
2005-01-10 05:00:00
CVE-2004-1307
2004-12-21 05:00:00
freebsd
freebsd
tiff -- multiple integer overflows
2004-10-13 00:00:00
tiff -- directory entry count integer overflow vulnerability
2004-12-17 00:00:00
tiff -- RLE decoder heap overflows
2004-10-13 00:00:00
debiancve
debiancve
CVE-2004-1308
2005-01-10 05:00:00
CVE-2004-0886
2005-01-27 05:00:00
CVE-2004-1307
2004-12-21 05:00:00
ubuntu
ubuntu
TIFF library vulnerability
2004-12-22 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.129 Low

EPSS

Percentile

95.4%

JSON
Related for VU:539110
openvas33centos3nessus34redhat5slackware1cert4gentoo4securityvulns6debian4osv2suse3ubuntucve5cve6freebsd4debiancve6ubuntu1