VDB

ANCHORE-2004-1307

ANCHORE-2004-1307 PUBLISHED

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Affected Products

VendorProductVersions
f5icontrol_service_manager1.3.6, 1.3.5, 1.3.4
sunsolaris10.0, 9.0-x86_update_2, 8.0
avayainteractive_response1.2.1, 1.3, 1.2.1
avayacall_management_system_server11.0, 8.0, 9.0
scounixware7.1.4, 7.1.4, 7.1.4
mandrakesoftmandrake_linux_corporate_server3.0, 3.0, 3.0
libtifflibtiff3.5.3, 3.7.0, 3.6.1
applemac_os_x10.3.9, 10.3, 10.3.1
avayamodular_messaging_message_storage_server1.1, 1.1, 1.1
mandrakesoftmandrake_linux10.0, 10.1, 10.0
sunsunos5.8, 5.7, 5.7
conectivalinux10.0, 9.0, 9.0
sgipropack3.0, 3.0, 3.0
applemac_os_x_server10.3, 10.3.2, 10.3.1

Timeline

  • May 4, 2005 CVE Published
  • Aug 8, 2024 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›