Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2004-1307

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Published

2004-12-21T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    NVD-CWE-Other
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application avaya call_management_system_server 8.0 Yes
Application avaya call_management_system_server 9.0 Yes
Application avaya call_management_system_server 11.0 Yes
Application avaya call_management_system_server 12.0 Yes
Application avaya call_management_system_server 13.0 Yes
Application avaya cvlan * Yes
Application avaya integrated_management * Yes
Application avaya interactive_response * Yes
Application avaya interactive_response 1.2.1 Yes
Application avaya interactive_response 1.3 Yes
Application avaya intuity_audix_lx * Yes
Application f5 icontrol_service_manager 1.3 Yes
Application f5 icontrol_service_manager 1.3.4 Yes
Application f5 icontrol_service_manager 1.3.5 Yes
Application f5 icontrol_service_manager 1.3.6 Yes
Application libtiff libtiff 3.4 Yes
Application libtiff libtiff 3.5.1 Yes
Application libtiff libtiff 3.5.2 Yes
Application libtiff libtiff 3.5.3 Yes
Application libtiff libtiff 3.5.4 Yes
Application libtiff libtiff 3.5.5 Yes
Application libtiff libtiff 3.5.7 Yes
Application libtiff libtiff 3.6.0 Yes
Application libtiff libtiff 3.6.1 Yes
Application libtiff libtiff 3.7.0 Yes
Application sgi propack 3.0 Yes
Operating System conectiva linux 9.0 Yes
Operating System conectiva linux 10.0 Yes
Application avaya mn100 * Yes
Operating System apple mac_os_x 10.3 Yes
Operating System apple mac_os_x 10.3.1 Yes
Operating System apple mac_os_x 10.3.2 Yes
Operating System apple mac_os_x 10.3.3 Yes
Operating System apple mac_os_x 10.3.4 Yes
Operating System apple mac_os_x 10.3.5 Yes
Operating System apple mac_os_x 10.3.6 Yes
Operating System apple mac_os_x 10.3.7 Yes
Operating System apple mac_os_x 10.3.8 Yes
Operating System apple mac_os_x 10.3.9 Yes
Operating System apple mac_os_x_server 10.3 Yes
Operating System apple mac_os_x_server 10.3.1 Yes
Operating System apple mac_os_x_server 10.3.2 Yes
Operating System apple mac_os_x_server 10.3.3 Yes
Operating System apple mac_os_x_server 10.3.4 Yes
Operating System apple mac_os_x_server 10.3.5 Yes
Operating System apple mac_os_x_server 10.3.6 Yes
Operating System apple mac_os_x_server 10.3.7 Yes
Operating System apple mac_os_x_server 10.3.8 Yes
Operating System apple mac_os_x_server 10.3.9 Yes
Operating System avaya modular_messaging_message_storage_server 1.1 Yes
Operating System avaya modular_messaging_message_storage_server 2.0 Yes
Operating System gentoo linux * Yes
Operating System mandrakesoft mandrake_linux 10.0 Yes
Operating System mandrakesoft mandrake_linux 10.0 Yes
Operating System mandrakesoft mandrake_linux 10.1 Yes
Operating System mandrakesoft mandrake_linux 10.1 Yes
Operating System mandrakesoft mandrake_linux_corporate_server 3.0 Yes
Operating System mandrakesoft mandrake_linux_corporate_server 3.0 Yes
Operating System sco unixware 7.1.4 Yes
Operating System sun solaris 7.0 Yes
Operating System sun solaris 8.0 Yes
Operating System sun solaris 9.0 Yes
Operating System sun solaris 9.0 Yes
Operating System sun solaris 9.0 Yes
Operating System sun solaris 10.0 Yes
Operating System sun solaris 10.0 Yes
Operating System sun sunos 5.7 Yes
Operating System sun sunos 5.8 Yes
References