Vulnerability Description
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| LibTIFF | LibTIFF | 3.4 |
| PDFlib | PDF Library | 5.0.2 |
| wxGTK2 | wxGTK2 | All versions |
| Apple | Mac OS X | 10.2 |
| Apple | Mac OS X Server | 10.2 |
| KDE | KDE | 3.2 |
| MandrakeSoft | Mandrake Linux | 10.0 |
| Red Hat | Enterprise Linux | 2.1 |
| Red Hat | Enterprise Linux Desktop | 3.0 |
| Red Hat | Fedora Core | core_2.0 |
| Red Hat | Linux Advanced Workstation | 2.1 |
| SUSE | SUSE Linux | 1.0 |
| Trustix | Secure Linux | 1.5 |
References
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
- http://marc.info/?l=bugtraq&m=109779465621929&w=2
- http://secunia.com/advisories/12818
- http://securitytracker.com/id?1011674
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
- http://www.ciac.org/ciac/bulletins/p-015.shtml
- http://www.debian.org/security/2004/dsa-567
- http://www.kb.cert.org/vuls/id/687568 (US Government Resource)
- http://www.kde.org/info/security/advisory-20041209-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
- http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
- http://www.redhat.com/support/errata/RHSA-2004-577.html (Patch, Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-021.html
FAQ
What is CVE-2004-0886?
CVE-2004-0886 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
How severe is CVE-2004-0886?
CVE-2004-0886 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0886?
Check the references section above for vendor advisories and patch information. Affected products include: LibTIFF, PDFlib PDF Library, wxGTK2, Apple Mac OS X, Apple Mac OS X Server.