CVE-2004-1307

Published Dec 21, 2004
Last updated 6 years ago
CVSS info 7.5
Overview

Description: Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Vendor comments

Red HatThis issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:avaya:call_management_system_server:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "618B807E-29B5-4CD0-BBA2-E20E45AC192D"
          },
          {
            "criteria": "cpe:2.3:a:avaya:call_management_system_server:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E9C378A-2151-45D1-A7EC-1F27E794D878"
          },
          {
            "criteria": "cpe:2.3:a:avaya:call_management_system_server:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "18D3AF16-3591-44FB-B3F8-E92DAA8FA936"
          },
          {
            "criteria": "cpe:2.3:a:avaya:call_management_system_server:12.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80FF4D54-3E14-42CA-9FC6-2534B3F00903"
          },
          {
            "criteria": "cpe:2.3:a:avaya:call_management_system_server:13.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53D3C3D9-D54C-4D6C-9D82-7653445680C2"
          },
          {
            "criteria": "cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FE82341-3E73-4F5B-BD9E-06C83F22E831"
          },
          {
            "criteria": "cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D12D6986-429E-4152-A6E5-4CC1FB9556D3"
          },
          {
            "criteria": "cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EE68944-C31D-4B49-BC8F-07944E0E82AA"
          },
          {
            "criteria": "cpe:2.3:a:avaya:interactive_response:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3427704B-08E7-4B33-B4F0-071EFA4FAE9F"
          },
          {
            "criteria": "cpe:2.3:a:avaya:interactive_response:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C70755CC-4FF4-4E0E-9CFC-71F50FCC854E"
          },
          {
            "criteria": "cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12D21889-2F4E-460B-AA92-4E910B7CBBDA"
          },
          {
            "criteria": "cpe:2.3:a:f5:icontrol_service_manager:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A7379DC-AF87-436C-9942-8CC5CF781918"
          },
          {
            "criteria": "cpe:2.3:a:f5:icontrol_service_manager:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A2B0D82-C75B-43EB-9DD1-4270B8BE52A3"
          },
          {
            "criteria": "cpe:2.3:a:f5:icontrol_service_manager:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06819549-ECD7-4568-BB15-C0A226A65F91"
          },
          {
            "criteria": "cpe:2.3:a:f5:icontrol_service_manager:1.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72EA2403-F428-407E-B32E-C8D5792B4DB1"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCA5EEB8-9D2C-49A9-BB08-CE5017B79D81"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "261FAE51-5207-4136-9FFE-2330A281266C"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B32C83B9-F7DA-450A-A687-9A73734CD712"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9485283A-B73E-4567-914A-42A86F5FFCB4"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95892168-0FB6-4E3F-9303-2F9B3CF60D2B"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5021564-5E0A-4DDC-BC68-200B6050043E"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19AA66E5-FDDD-4243-B945-DFEBDD25F258"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62F359CD-5DC4-4919-B8E1-95BDDBD27EFC"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2C8C550-3313-4266-B4B3-E9E9047CFE04"
          },
          {
            "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABEEBA7B-81D5-4148-912B-9AD448BBE741"
          },
          {
            "criteria": "cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29DC217F-C257-4A3C-9CBD-08010C30BEC3"
          },
          {
            "criteria": "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4007B0D-9606-46BD-866A-7911BEA292BE"
          },
          {
            "criteria": "cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A35FC777-A34E-4C7B-9E93-8F17F3AD5180"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D073442B-D7E7-4E07-AF2D-E22FE65B09A9"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFDADE04-29F0-446B-824B-0518880CF0A0"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED9BE602-A740-4CF7-9CAF-59061B16AB31"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "33E698C1-C313-40E6-BAF9-7C8F9CF02484"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF2D00AC-FA2A-4C39-B796-DC19072862CF"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "421079DA-B605-4E05-9454-C30CF7631CF4"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93B734BA-3435-40A9-B22B-5D56CEB865A7"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4B57B3E-B1B2-4F13-99D3-4F9DB3C07B5E"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30897327-44DD-4D6C-B8B6-2D66C44EA55D"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B79D8F73-2E78-4A67-96BB-21AD9BCB0094"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC6931D5-DE7E-41F6-ADDC-AB5A8A167F69"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1E997653-C744-4F1F-9948-47579AB3BED3"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF5A416A-F198-4B9C-8221-D36CC8A7FE5C"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "384C130F-D1A9-4482-AF20-FC81933473A3"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8BCD1C5-1AFC-4287-9AFD-81FB3F4F9E54"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CA6BD2A-3022-408D-8E4F-50865996E965"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "463D5628-7536-4029-99D6-5E525050059E"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69A39B11-1C23-4A6C-B4C5-AEC40836F173"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78D48FD1-CB91-4310-9432-A4365FA67B11"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "750C6C37-8460-4ED8-83AD-ACAF993E4A6E"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8923EE1A-DD48-4EC8-8698-A33093FD709C"
          },
          {
            "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E25F5CF2-F891-41CA-A40C-13966F72FDF8"
          },
          {
            "criteria": "cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7417958C-5321-41D6-9D1A-D16BF5511E81"
          },
          {
            "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BB0B27C-04EA-426F-9016-7406BACD91DF"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB2B1BA5-8370-4281-B5C9-3D4FE6C70FBC"
          },
          {
            "criteria": "cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "059218D3-A3AD-4A10-9AA4-FBB689321D90"
          },
          {
            "criteria": "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F1F312C-413F-4DB4-ABF4-48E33F6FECF2"
          },
          {
            "criteria": "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1894C542-AA81-40A9-BF47-AE24C93C1ACB"
          },
          {
            "criteria": "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A711CDC2-412C-499D-9FA6-7F25B06267C6"
          },
          {
            "criteria": "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B837BB7-5F62-4CD5-9C64-8553C28EA8A7"
          },
          {
            "criteria": "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F305CBD-4329-44DE-A85C-DE9FF371425E"
          },
          {
            "criteria": "cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BF232A9-9E0A-481E-918D-65FC82EF36D8"
          },
          {
            "criteria": "cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C0C3793-E011-4915-8F86-CE622A2D37D1"
          },
          {
            "criteria": "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08003947-A4F1-44AC-84C6-9F8D097EB759"
          },
          {
            "criteria": "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2475113-CFE4-41C8-A86F-F2DA6548D224"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References
