CVE-2004-1307

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-1307
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/539110 Patch Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA05-136A.html US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html Patch Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/539110 Patch Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA05-136A.html US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:avaya:call_management_system_server:8.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system_server:9.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system_server:11.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system_server:12.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:call_management_system_server:13.0:*:*:*:*:*:*:*
cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*
cpe:2.3:a:avaya:interactive_response:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:avaya:interactive_response:1.3:*:*:*:*:*:*:*
cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:icontrol_service_manager:1.3:*:*:*:*:*:*:*
cpe:2.3:a:f5:icontrol_service_manager:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:f5:icontrol_service_manager:1.3.5:*:*:*:*:*:*:*
cpe:2.3:a:f5:icontrol_service_manager:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*
cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
History

No history.

Information

Published : 2004-12-21 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-1307

Mitre link : CVE-2004-1307

CVE.ORG link : CVE-2004-1307

JSON object : View

Products Affected

libtiff

  • libtiff

sgi

  • propack

avaya

  • interactive_response
  • call_management_system_server
  • mn100
  • modular_messaging_message_storage_server
  • integrated_management
  • cvlan
  • intuity_audix_lx

f5

  • icontrol_service_manager

sco

  • unixware

sun

  • solaris
  • sunos

gentoo

  • linux

mandrakesoft

  • mandrake_linux
  • mandrake_linux_corporate_server

apple

  • mac_os_x
  • mac_os_x_server

conectiva

  • linux
CWE
NVD-CWE-Other