Vulnerability Description
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libtiff | Libtiff | 3.4 |
| Pdflib | PDF Library | 5.0.2 |
| Wxgtk2 | Wxgtk2 | 2.5_.0 |
| Apple | Mac OS X | 10.2 |
| Apple | Mac OS X Server | 10.2 |
| KDE | KDE | 3.2 |
| Mandrakesoft | Mandrake Linux | 10.0 |
| Red Hat | Enterprise Linux | 2.1 |
| Red Hat | Enterprise Linux Desktop | 3.0 |
| Red Hat | Fedora Core | core_2.0 |
| Red Hat | Linux Advanced Workstation | 2.1 |
| SUSE | SUSE Linux | 1.0 |
| Trustix | Secure Linux | 1.5 |
References
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
- http://marc.info/?l=bugtraq&m=109778785107450&w=2
- http://scary.beasts.org/security/CESA-2004-006.txt
- http://secunia.com/advisories/12818
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
- http://www.debian.org/security/2004/dsa-567 (Patch, Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
- http://www.kb.cert.org/vuls/id/948752 (Third Party Advisory, US Government Resource)
- http://www.kde.org/info/security/advisory-20041209-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
- http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
- http://www.redhat.com/support/errata/RHSA-2004-577.html (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-021.html
FAQ
What is CVE-2004-0803?
CVE-2004-0803 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code vi...
How severe is CVE-2004-0803?
CVE-2004-0803 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0803?
Check the references section above for vendor advisories and patch information. Affected products include: Libtiff Libtiff, Pdflib PDF Library, Wxgtk2 Wxgtk2, Apple Mac OS X, Apple Mac OS X Server.