Lucene search
SuseSUSE-SA:2005:001HistoryJan 10, 2005 - 10:35 a.m.
remote system compromise in libtiff/tiff
2005-01-1010:35:29
lists.opensuse.org
8
0.129 Low
EPSS
Percentile
94.9%
Libtiff supports reading, writing, and manipulating of TIFF image files. iDEFENSE reported an integer overflow in libtiff that can be exploited by specific TIFF images to trigger a heap-based buffer overflow afterwards.
Solution
There is no workaround known.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 9.0 | x86_64 | libtiff | <Â 3.5.7-379 | libtiff-3.5.7-379.x86_64.rpm |
| openSUSE | 9.0 | i586 | tiff | <Â 3.5.7-379 | tiff-3.5.7-379.i586.rpm |
| openSUSE | 9.2 | x86_64 | libtiff-devel | <Â 3.6.1-47.4 | libtiff-devel-3.6.1-47.4.x86_64.rpm |
| openSUSE | 8.2 | i586 | tiff | <Â 3.5.7-379 | tiff-3.5.7-379.i586.rpm |
| openSUSE | 8.2 | i586 | libtiff | <Â 3.5.7-379 | libtiff-3.5.7-379.i586.rpm |
| openSUSE | 9.1 | x86_64 | tiff | <Â 3.6.1-38.14 | tiff-3.6.1-38.14.x86_64.rpm |
| openSUSE | 9.2 | i586 | tiff | <Â 3.6.1-47.4 | tiff-3.6.1-47.4.i586.rpm |
| openSUSE | 9.2 | x86_64 | tiff | <Â 3.6.1-47.4 | tiff-3.6.1-47.4.x86_64.rpm |
| openSUSE | 9.2 | i586 | libtiff | <Â 3.6.1-47.4 | libtiff-3.6.1-47.4.i586.rpm |
| openSUSE | 9.1 | i586 | libtiff | <Â 3.6.1-38.14 | libtiff-3.6.1-38.14.i586.rpm |
Related
nessus
nessus
SUSE-SA:2005:001: libtiff/tiff
2005-02-03 00:00:00
RHEL 2.1 / 3 : libtiff (RHSA-2005:019)
2005-01-13 00:00:00
RHEL 4 : libtiff (RHSA-2005:035)
2005-02-22 00:00:00
cert
cert
LibTIFF vulnerable to integer overflow via corrupted directory entry count
2005-01-11 00:00:00
LibTIFF vulnerable to integer overflow in the TIFFFetchStrip() routine
2005-01-20 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200501-06 (tiff)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200501-06 (tiff)
2008-09-24 00:00:00
Debian Security Advisory DSA 617-1 (tiff)
2008-01-17 00:00:00
securityvulns
securityvulns
redhat
redhat
(RHSA-2005:019) libtiff security update
2005-01-13 00:00:00
(RHSA-2005:035) libtiff security update
2005-02-15 00:00:00
(RHSA-2005:021) kdegraphics security update
2005-04-12 00:00:00
gentoo
gentoo
tiff: New overflows in image decoding
2005-01-05 00:00:00
ubuntucve
ubuntucve
CVE-2004-1308
2005-01-10 00:00:00
CVE-2004-1183
2005-01-06 00:00:00
debiancve
debiancve
CVE-2004-1308
2005-01-10 05:00:00
CVE-2004-1183
2005-01-06 05:00:00
ubuntu
ubuntu
TIFF library vulnerability
2004-12-22 00:00:00
TIFF library tool vulnerability
2005-01-07 00:00:00
freebsd
freebsd
tiff -- directory entry count integer overflow vulnerability
2004-12-17 00:00:00
tiff -- tiffdump integer overflow vulnerability
2005-01-06 00:00:00
osv
osv
libtiff - insufficient input validation
2004-12-24 00:00:00
tiff - unsanitised input
2005-01-06 00:00:00
debian
debian
[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution
2004-12-24 14:15:44
[SECURITY] [DSA 626-1] New tiff packages fix denial of service
2005-01-06 14:16:53
[SECURITY] [DSA 617-1] New libtiff packages fix arbitrary code execution
2004-12-24 14:15:44
cve
cve
CVE-2004-1308
2005-01-10 05:00:00
CVE-2004-1183
2005-01-06 05:00:00
centos
centos
kdegraphics security update
2005-04-12 16:01:20
kdegraphics security update
2005-04-12 23:05:10