Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
References
Link | Resource |
---|---|
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html | Patch Vendor Advisory |
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 | |
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 | |
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true | Patch Vendor Advisory |
http://www.kb.cert.org/vuls/id/539110 | Patch Third Party Advisory US Government Resource |
http://www.us-cert.gov/cas/techalerts/TA05-136A.html | US Government Resource |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2004-12-21 05:00
Updated : 2023-12-10 10:17
NVD link : CVE-2004-1307
Mitre link : CVE-2004-1307
CVE.ORG link : CVE-2004-1307
JSON object : View
Products Affected
sun
- sunos
- solaris
avaya
- interactive_response
- intuity_audix_lx
- call_management_system_server
- mn100
- cvlan
- integrated_management
- modular_messaging_message_storage_server
conectiva
- linux
apple
- mac_os_x_server
- mac_os_x
mandrakesoft
- mandrake_linux_corporate_server
- mandrake_linux
sco
- unixware
libtiff
- libtiff
f5
- icontrol_service_manager
gentoo
- linux
sgi
- propack
CWE