Vulnerabilities > CVE-2004-0803 - Buffer Overflow vulnerability in LibTIFF
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
Vulnerable Configurations
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-354.NASL description Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17680 published 2005-04-02 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/17680 title RHEL 2.1 / 3 : tetex (RHSA-2005:354) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:354. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(17680); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-0888", "CVE-2004-1125"); script_xref(name:"RHSA", value:"2005:354"); script_name(english:"RHEL 2.1 / 3 : tetex (RHSA-2005:354)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0803" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0804" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0886" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0888" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-1125" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:354" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_cwe_id(20); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-afm"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-doc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvilj"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvips"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-fonts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-latex"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-xdvi"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03"); script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:354"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-afm-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-doc-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvilj-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvips-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-fonts-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-latex-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-xdvi-1.0.7-38.5E.8")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-afm-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-dvips-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-fonts-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-latex-1.0.7-67.7")) flag++; if (rpm_check(release:"RHEL3", reference:"tetex-xdvi-1.0.7-67.7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-doc / tetex-dvilj / tetex-dvips / etc"); } }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_F6680C030BD811D98A8A000C41E2CDAD.NASL description Chris Evans discovered several heap buffer overflows in libtiff last seen 2020-06-01 modified 2020-06-02 plugin id 19172 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/19172 title FreeBSD : tiff -- RLE decoder heap overflows (f6680c03-0bd8-11d9-8a8a-000c41e2cdad) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200412-17.NASL description The remote host is affected by the vulnerability described in GLSA-200412-17 (kfax: Multiple overflows in the included TIFF library) Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known vulnerabilities (see References). Impact : A remote attacker could entice a user to view a carefully-crafted TIFF image file with kfax, which would potentially lead to execution of arbitrary code with the rights of the user running kfax. Workaround : The KDE Team recommends to remove the kfax binary as well as the kfaxpart.la KPart: rm /usr/kde/3.*/lib/kde3/kfaxpart.la rm /usr/kde/3.*/bin/kfax Note: This will render the kfax functionality useless, if kfax functionality is needed you should upgrade to the KDE 3.3.2 which is not stable at the time of this writing. There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 16004 published 2004-12-20 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/16004 title GLSA-200412-17 : kfax: Multiple overflows in the included TIFF library NASL family SuSE Local Security Checks NASL id SUSE_SA_2004_038.NASL description The remote host is missing the patch for the advisory SUSE-SA:2004:038 (libtiff). libtiff is used by image viewers and web browser to view last seen 2020-06-01 modified 2020-06-02 plugin id 15552 published 2004-10-22 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15552 title SUSE-SA:2004:038: libtiff NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-111.NASL description Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities : Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CVE-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CVE-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. (CVE-2004-0886) last seen 2020-06-01 modified 2020-06-02 plugin id 24551 published 2007-02-18 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24551 title Mandrake Linux Security Advisory : wxGTK2 (MDKSA-2004:111) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-052.NASL description Previous updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CVE-2004-0888). This also affects applications like kdegraphics, that use embedded versions of xpdf. (CVE-2005-0206) In addition, previous libtiff updates overlooked kdegraphics, which contains and embedded libtiff used for kfax. This update includes patches to address: CVE-2004-0803, CVE-2004-0804, CVE-2004-0886, CVE-2004-1183, CVE-2004-1308. The updated packages are patched to deal with these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 17281 published 2005-03-06 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17281 title Mandrake Linux Security Advisory : kdegraphics (MDKSA-2005:052) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2004-305-02.NASL description New libtiff packages are available for Slackware 8.1, 9.0, 9.1, 10.1, and -current to fix security issues that could lead to application crashes, or possibly execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 18775 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/18775 title Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : libtiff (SSA:2004-305-02) NASL family Fedora Local Security Checks NASL id FEDORA_2004-357.NASL description A problem with PDF handling was discovered by Chris Evans, and has been fixed. The Common Vulnerabilities and Exposures project (www.mitre.org) has assigned the name CVE-2004-0888 to this issue. a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15584 published 2004-10-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15584 title Fedora Core 2 : kdegraphics-3.2.2-1.1 (2004-357) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200412-02.NASL description The remote host is affected by the vulnerability described in GLSA-200412-02 (PDFlib: Multiple overflows in the included TIFF library) The TIFF library is subject to several known vulnerabilities (see GLSA 200410-11). Most of these overflows also apply to PDFlib. Impact : A remote attacker could entice a user or web application to process a carefully crafted PDF file or TIFF image using a PDFlib-powered program. This can potentially lead to the execution of arbitrary code with the rights of the program processing the file. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15906 published 2004-12-05 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15906 title GLSA-200412-02 : PDFlib: Multiple overflows in the included TIFF library NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-354.NASL description Updated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21809 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21809 title CentOS 3 : tetex (CESA-2005:354) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-567.NASL description Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash. The Common Vulnerabilities and Exposures Project has identified the following problems : - CAN-2004-0803 Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. - CAN-2004-0804 Matthias Clasen discovered a division by zero through an integer overflow. - CAN-2004-0886 Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. last seen 2020-06-01 modified 2020-06-02 plugin id 15665 published 2004-11-10 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15665 title Debian DSA-567-1 : tiff - heap overflows NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-577.NASL description Updated libtiff packages that fix various buffer and integer overflows are now available. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. All users are advised to upgrade to these errata packages, which contain fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15629 published 2004-11-04 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15629 title RHEL 2.1 / 3 : libtiff (RHSA-2004:577) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2005-021.NASL description Updated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team The kdegraphics package contains graphics applications for the K Desktop Environment. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 18017 published 2005-04-12 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18017 title RHEL 2.1 / 3 : kdegraphics (RHSA-2005:021) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200410-11.NASL description The remote host is affected by the vulnerability described in GLSA-200410-11 (tiff: Buffer overflows in image decoding) Chris Evans found heap-based overflows in RLE decoding routines in tif_next.c, tif_thunder.c and potentially tif_luv.c. Impact : A remote attacker could entice a user to view a carefully crafted TIFF image file, which would potentially lead to execution of arbitrary code with the rights of the user viewing the image. This affects any program that makes use of the tiff library, including GNOME and KDE web browsers or mail readers. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15472 published 2004-10-14 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15472 title GLSA-200410-11 : tiff: Buffer overflows in image decoding NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD20041202.NASL description The remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 15898 published 2004-12-02 reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15898 title Mac OS X Multiple Vulnerabilities (Security Update 2004-12-02) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2005-021.NASL description Updated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team The kdegraphics package contains graphics applications for the K Desktop Environment. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 21795 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21795 title CentOS 3 : kdegraphics (CESA-2005:021) NASL family Fedora Local Security Checks NASL id FEDORA_2004-334.NASL description The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0886 to this issue. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. All users are advised to upgrade to these errata packages, which contain fixes for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 15475 published 2004-10-15 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15475 title Fedora Core 2 : libtiff-3.5.7-20.2 (2004-334) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-109.NASL description Several vulnerabilities have been discovered in the libtiff package : Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CVE-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CVE-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. (CVE-2004-0886) last seen 2020-06-01 modified 2020-06-02 plugin id 15523 published 2004-10-20 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15523 title Mandrake Linux Security Advisory : libtiff (MDKSA-2004:109)
Oval
accepted 2005-11-16T08:02:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. description Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. family unix id oval:org.mitre.oval:def:100114 status accepted submitted 2005-08-16T12:00:00.000-04:00 title libtiff RLE Decoder Buffer Overflow Vulnerabilities version 36 accepted 2013-04-29T04:17:58.649-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651
description Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. family unix id oval:org.mitre.oval:def:8896 status accepted submitted 2010-07-09T03:56:16-04:00 title Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. version 26
Redhat
| advisories |
| ||||||||||||
| rpms |
|
References
- http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888
- http://marc.info/?l=bugtraq&m=109778785107450&w=2
- http://scary.beasts.org/security/CESA-2004-006.txt
- http://secunia.com/advisories/12818
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
- http://www.debian.org/security/2004/dsa-567
- http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml
- http://www.kb.cert.org/vuls/id/948752
- http://www.kde.org/info/security/advisory-20041209-2.txt
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:109
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
- http://www.novell.com/linux/security/advisories/2004_38_libtiff.html
- http://www.redhat.com/support/errata/RHSA-2004-577.html
- http://www.redhat.com/support/errata/RHSA-2005-021.html
- http://www.redhat.com/support/errata/RHSA-2005-354.html
- http://www.securityfocus.com/bid/11406
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17703
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896