Vulnerability Description
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Avaya | Call Management System Server | 8.0 |
| Avaya | Cvlan | All versions |
| Avaya | Integrated Management | All versions |
| Avaya | Interactive Response | All versions |
| Avaya | Intuity Audix Lx | All versions |
| F5 | Icontrol Service Manager | 1.3 |
| Libtiff | Libtiff | 3.4 |
| Sgi | Propack | 3.0 |
| Conectiva | Linux | 9.0 |
| Avaya | Mn100 | All versions |
| Apple | Mac Os X | 10.3 |
| Apple | Mac Os X Server | 10.3 |
| Avaya | Modular Messaging Message Storage Server | 1.1 |
| Gentoo | Linux | All versions |
| Mandrakesoft | Mandrake Linux | 10.0 |
| Mandrakesoft | Mandrake Linux Corporate Server | 3.0 |
| Sco | Unixware | 7.1.4 |
| Sun | Solaris | 7.0 |
| Sun | Sunos | 5.7 |
References
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlPatchVendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
- http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flasPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/539110PatchThird Party AdvisoryUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlUS Government Resource
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.htmlPatchVendor Advisory
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
- http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flasPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/539110PatchThird Party AdvisoryUS Government Resource
- http://www.us-cert.gov/cas/techalerts/TA05-136A.htmlUS Government Resource
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-1307?
CVE-2004-1307 is a vulnerability with a CVSS score of 7.5 (HIGH). Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number ...
How severe is CVE-2004-1307?
CVE-2004-1307 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1307?
Check the references section above for vendor advisories and patch information. Affected products include: Avaya Call Management System Server, Avaya Cvlan, Avaya Integrated Management, Avaya Interactive Response, Avaya Intuity Audix Lx.