SuseSUSE-SA:2004:038

HistoryOct 22, 2004 - 2:52 p.m.

local privilege escalation in libtiff

2004-10-2214:52:41

lists.opensuse.org

0.932 High

EPSS

Percentile

98.8%

JSON

libtiff is used by image viewers and web browser to view “TIFF” images. These usually open and display those images without querying the user, making a normal system by default vulnerable to exploits of image library bugs.

Solution

There is no workaround. Update the libtiff packages.

OSVersionArchitecturePackageVersionFilename
openSUSE9.0i586libtiff< 3.5.7-376libtiff-3.5.7-376.i586.rpm
openSUSE8.2i586libtiff< 3.5.7-376libtiff-3.5.7-376.i586.rpm
openSUSE8.1i586libtiff< 3.5.7-376libtiff-3.5.7-376.i586.rpm
openSUSE9.1i586libtiff< 3.6.1-38.12libtiff-3.6.1-38.12.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	9.0	i586	libtiff	< 3.5.7-376	libtiff-3.5.7-376.i586.rpm
openSUSE	8.2	i586	libtiff	< 3.5.7-376	libtiff-3.5.7-376.i586.rpm
openSUSE	8.1	i586	libtiff	< 3.5.7-376	libtiff-3.5.7-376.i586.rpm
openSUSE	9.1	i586	libtiff	< 3.6.1-38.12	libtiff-3.6.1-38.12.i586.rpm

nessus 59

openvas 53

suse 2

redhat 8

freebsd 5

gentoo 8

centos 3

securityvulns 8

cert 6

debian 8

osv 4

slackware 1

ubuntucve 9

cve 10

debiancve 9

ubuntu 3

checkpoint_advisories 2

prion 1

nessus

SUSE-SA:2004:038: libtiff

2004-10-22 00:00:00

RHEL 3 : freeradius (RHSA-2004:609)

2004-11-13 00:00:00

GLSA-200409-29 : FreeRADIUS: Multiple Denial of Service vulnerabilities

2004-09-23 00:00:00

openvas

SLES9: Security update for libtiff

2009-10-10 00:00:00

SLES9: Security update for libtiff

2009-10-10 00:00:00

Gentoo Security Advisory GLSA 200409-29 (FreeRADIUS)

2008-09-24 00:00:00

suse

remote system compromise in xpdf, gpdf, kdegraphics3-pdf, pdftohtml, cups

2004-10-26 10:45:14

remote denial of service in kernel

2004-10-21 07:52:50

redhat

(RHSA-2004:609) freeradius security update

2004-11-12 00:00:00

(RHSA-2005:354) tetex security update

2005-04-01 00:00:00

(RHSA-2004:577) libtiff security update

2004-10-22 00:00:00

freebsd

freeradius -- denial-of-service vulnerability

2004-09-20 00:00:00

xpdf -- integer overflow vulnerabilities

2004-10-21 00:00:00

tiff -- multiple integer overflows

2004-10-13 00:00:00

gentoo

FreeRADIUS: Multiple Denial of Service vulnerabilities

2004-09-22 00:00:00

kfax: Multiple overflows in the included TIFF library

2004-12-19 00:00:00

PDFlib: Multiple overflows in the included TIFF library

2004-12-05 00:00:00

centos

tetex security update

2005-04-01 21:29:55

kdegraphics security update

2005-04-12 16:01:20

kdegraphics security update

2005-04-12 23:05:10

securityvulns

[Full-Disclosure] [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library

2004-12-06 00:00:00

MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities

2004-10-22 00:00:00

KDE Security Advisory: kfax libtiff vulnerabilities

2004-12-10 00:00:00

cert

LibTIFF vulnerable to denial-of-service condition

2004-12-01 00:00:00

LibTIFF contains multiple heap-based buffer overflows

2004-12-01 00:00:00

LibTIFF contains multiple integer overflows

2004-12-01 00:00:00

debian

[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution

2004-10-15 17:51:16

[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution

2004-10-15 17:51:16

[SECURITY] [DSA 573-1] New cupsys packages fix arbitrary code execution

2004-10-21 14:18:22

osv

tiff - heap overflows

2004-10-15 00:00:00

tetex-bin - integer overflows

2004-11-25 00:00:00

xpdf - integer overflows

2004-11-02 00:00:00

slackware

[slackware-security] libtiff

2004-11-01 08:00:50

ubuntucve

CVE-2004-0889

2005-01-27 00:00:00

CVE-2004-0888

2005-01-27 00:00:00

CVE-2004-0938

2004-11-03 00:00:00

cve

CVE-2004-0888

2005-01-27 05:00:00

CVE-2004-0889

2005-01-27 05:00:00

CVE-2004-0938

2004-11-03 05:00:00

debiancve

CVE-2004-0889

2005-01-27 05:00:00

CVE-2004-0888

2005-01-27 05:00:00

CVE-2004-0938

2004-11-03 05:00:00

ubuntu

xpdf vulnerabilities

2004-11-02 00:00:00

xpdf vulnerabilities

2004-10-23 00:00:00

tetex-bin vulnerabilities

2004-10-28 00:00:00

checkpoint_advisories

FreeRADIUS Illegal Attributes Denial of Service - ver 2 (CVE-2004-0938)

2014-05-08 00:00:00

FreeRADIUS Illegal Attributes Denial of Service (CVE-2004-0938)

2009-12-08 00:00:00

prion

Integer overflow

2008-04-04 00:44:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.932 High

EPSS

Percentile

98.8%

JSON

Related for SUSE-SA:2004:038