VDB
ANCHORE-2004-1307
ANCHORE-2004-1307
PUBLISHED
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| f5 | icontrol_service_manager | 1.3.6, 1.3.5, 1.3.4 |
| sun | solaris | 10.0, 9.0-x86_update_2, 8.0 |
| avaya | interactive_response | 1.2.1, 1.3, 1.2.1 |
| avaya | call_management_system_server | 11.0, 8.0, 9.0 |
| sco | unixware | 7.1.4, 7.1.4, 7.1.4 |
| mandrakesoft | mandrake_linux_corporate_server | 3.0, 3.0, 3.0 |
| libtiff | libtiff | 3.5.3, 3.7.0, 3.6.1 |
| apple | mac_os_x | 10.3.9, 10.3, 10.3.1 |
| avaya | modular_messaging_message_storage_server | 1.1, 1.1, 1.1 |
| mandrakesoft | mandrake_linux | 10.0, 10.1, 10.0 |
| sun | sunos | 5.8, 5.7, 5.7 |
| conectiva | linux | 10.0, 9.0, 9.0 |
| sgi | propack | 3.0, 3.0, 3.0 |
| apple | mac_os_x_server | 10.3, 10.3.2, 10.3.1 |
Timeline
- May 4, 2005 CVE Published
- Aug 8, 2024 CVE Updated
References
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.html url
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 url
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 url
- http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true url
- http://www.kb.cert.org/vuls/id/539110 url
- http://www.us-cert.gov/cas/techalerts/TA05-136A.html url
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 url