Vulnerabilities > CVE-2004-0886

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Vulnerable Configurations

Part Description Count
Application
Libtiff
9
Application
Wxgtk2
2
Application
Pdflib
1
OS
Suse
7
OS
Redhat
13
OS
Apple
32
OS
Trustix
3
OS
Kde
6
OS
Mandrakesoft
2

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-354.NASL
    descriptionUpdated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id17680
    published2005-04-02
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17680
    titleRHEL 2.1 / 3 : tetex (RHSA-2005:354)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:354. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17680);
      script_version ("1.25");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      script_cve_id("CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-0888", "CVE-2004-1125");
      script_xref(name:"RHSA", value:"2005:354");
    
      script_name(english:"RHEL 2.1 / 3 : tetex (RHSA-2005:354)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated tetex packages that fix several integer overflows are now
    available.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes
    a text file and a set of formatting commands as input and creates a
    typesetter-independent .dvi (DeVice Independent) file as output.
    
    A number of security flaws have been found affecting libraries used
    internally within teTeX. An attacker who has the ability to trick a
    user into processing a malicious file with teTeX could cause teTeX to
    crash or possibly execute arbitrary code.
    
    A number of integer overflow bugs that affect Xpdf were discovered.
    The teTeX package contains a copy of the Xpdf code used for parsing
    PDF files and is therefore affected by these bugs. The Common
    Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
    names CVE-2004-0888 and CVE-2004-1125 to these issues.
    
    A number of integer overflow bugs that affect libtiff were discovered.
    The teTeX package contains an internal copy of libtiff used for
    parsing TIFF image files and is therefore affected by these bugs. The
    Common Vulnerabilities and Exposures project (cve.mitre.org) has
    assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to
    these issues.
    
    Also latex2html is added to package tetex-latex for 64bit platforms.
    
    Users of teTeX should upgrade to these updated packages, which contain
    backported patches and are not vulnerable to these issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0803"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0804"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0886"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0888"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-1125"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:354"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-afm");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvilj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-dvips");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-fonts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-latex");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tetex-xdvi");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/04/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/02");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:354";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-afm-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-doc-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvilj-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-dvips-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-fonts-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-latex-1.0.7-38.5E.8")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tetex-xdvi-1.0.7-38.5E.8")) flag++;
    
      if (rpm_check(release:"RHEL3", reference:"tetex-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-afm-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-dvips-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-fonts-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-latex-1.0.7-67.7")) flag++;
      if (rpm_check(release:"RHEL3", reference:"tetex-xdvi-1.0.7-67.7")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_HOLE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tetex / tetex-afm / tetex-doc / tetex-dvilj / tetex-dvips / etc");
      }
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200412-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200412-17 (kfax: Multiple overflows in the included TIFF library) Than Ngo discovered that kfax contains a private copy of the TIFF library and is therefore subject to several known vulnerabilities (see References). Impact : A remote attacker could entice a user to view a carefully-crafted TIFF image file with kfax, which would potentially lead to execution of arbitrary code with the rights of the user running kfax. Workaround : The KDE Team recommends to remove the kfax binary as well as the kfaxpart.la KPart: rm /usr/kde/3.*/lib/kde3/kfaxpart.la rm /usr/kde/3.*/bin/kfax Note: This will render the kfax functionality useless, if kfax functionality is needed you should upgrade to the KDE 3.3.2 which is not stable at the time of this writing. There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16004
    published2004-12-20
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16004
    titleGLSA-200412-17 : kfax: Multiple overflows in the included TIFF library
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200412-17.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16004);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886");
      script_xref(name:"GLSA", value:"200412-17");
    
      script_name(english:"GLSA-200412-17 : kfax: Multiple overflows in the included TIFF library");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200412-17
    (kfax: Multiple overflows in the included TIFF library)
    
        Than Ngo discovered that kfax contains a private copy of the TIFF
        library and is therefore subject to several known vulnerabilities (see
        References).
      
    Impact :
    
        A remote attacker could entice a user to view a carefully-crafted TIFF
        image file with kfax, which would potentially lead to execution of
        arbitrary code with the rights of the user running kfax.
      
    Workaround :
    
        The KDE Team recommends to remove the kfax binary as well as the
        kfaxpart.la KPart:
        rm /usr/kde/3.*/lib/kde3/kfaxpart.la
        rm /usr/kde/3.*/bin/kfax
        Note: This will render the kfax functionality useless, if kfax
        functionality is needed you should upgrade to the KDE 3.3.2 which is
        not stable at the time of this writing.
        There is no known workaround at this time."
      );
      # http://www.kde.org/info/security/advisory-20041209-2.txt
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.kde.org/info/security/advisory-20041209-2.txt"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200410-11"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200412-17"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All kfax users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=kde-base/kdegraphics-3.3.2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kdegraphics");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"kde-base/kdegraphics", unaffected:make_list("ge 3.3.2"), vulnerable:make_list("lt 3.3.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kfax");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2004_038.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2004:038 (libtiff). libtiff is used by image viewers and web browser to view
    last seen2020-06-01
    modified2020-06-02
    plugin id15552
    published2004-10-22
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15552
    titleSUSE-SA:2004:038: libtiff
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2004:038
    #
    
    
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    if(description)
    {
     script_id(15552);
     script_version ("1.12");
     script_bugtraq_id(11506);
     script_cve_id("CVE-2004-0803", "CVE-2004-0804", "CVE-2004-0886", "CVE-2004-0929");
     
     name["english"] = "SUSE-SA:2004:038: libtiff";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2004:038 (libtiff).
    
    
    libtiff is used by image viewers and web browser to view 'TIFF' images.
    These usually open and display those images without querying the user,
    making a normal system by default vulnerable to exploits of image
    library bugs.
    
    Chris Evans found several security related problems during an audit of
    the image handling library libtiff, some related to buffer overflows,
    some related to integer overflows and similar. This issue is being
    tracked by the CVE ID CVE-2004-0803.
    
    Matthias Claasen found a division by zero in libtiff. This is tracked
    by the CVE ID CVE-2004-0804.
    
    Further auditing by Dmitry Levin exposed several additional integer
    overflows. These are tracked by the CVE ID CVE-2004-0886.
    
    Additionally, iDEFENSE Security located a buffer overflow in the OJPEG
    (old JPEG) handling in the SUSE libtiff package. This was fixed by
    disabling the old JPEG support and is tracked by the CVE ID CVE-2004-0929.
    
    SUSE wishes to thank all the reporters, auditors, and programmers
    for helping to fix these problems." );
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/2004_38_libtiff.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2004/10/22");
     script_cvs_date("Date: 2019/10/25 13:36:28");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the libtiff package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }
    
    include("rpm.inc");
    if ( rpm_check( reference:"libtiff-3.5.7-376", release:"SUSE8.1") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"libtiff-3.5.7-376", release:"SUSE8.2") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"libtiff-3.5.7-376", release:"SUSE9.0") )
    {
     security_hole(0);
     exit(0);
    }
    if ( rpm_check( reference:"libtiff-3.6.1-38.12", release:"SUSE9.1") )
    {
     security_hole(0);
     exit(0);
    }
    if (rpm_exists(rpm:"libtiff-", release:"SUSE8.1")
     || rpm_exists(rpm:"libtiff-", release:"SUSE8.2")
     || rpm_exists(rpm:"libtiff-", release:"SUSE9.0")
     || rpm_exists(rpm:"libtiff-", release:"SUSE9.1") )
    {
     set_kb_item(name:"CVE-2004-0803", value:TRUE);
     set_kb_item(name:"CVE-2004-0804", value:TRUE);
     set_kb_item(name:"CVE-2004-0886", value:TRUE);
     set_kb_item(name:"CVE-2004-0929", value:TRUE);
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-111.NASL
    descriptionSeveral vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities : Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CVE-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CVE-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. (CVE-2004-0886)
    last seen2020-06-01
    modified2020-06-02
    plugin id24551
    published2007-02-18
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24551
    titleMandrake Linux Security Advisory : wxGTK2 (MDKSA-2004:111)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-052.NASL
    descriptionPrevious updates to correct integer overflow issues affecting xpdf overlooked certain conditions when built for a 64 bit platform. (formerly CVE-2004-0888). This also affects applications like kdegraphics, that use embedded versions of xpdf. (CVE-2005-0206) In addition, previous libtiff updates overlooked kdegraphics, which contains and embedded libtiff used for kfax. This update includes patches to address: CVE-2004-0803, CVE-2004-0804, CVE-2004-0886, CVE-2004-1183, CVE-2004-1308. The updated packages are patched to deal with these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id17281
    published2005-03-06
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17281
    titleMandrake Linux Security Advisory : kdegraphics (MDKSA-2005:052)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2004-305-02.NASL
    descriptionNew libtiff packages are available for Slackware 8.1, 9.0, 9.1, 10.1, and -current to fix security issues that could lead to application crashes, or possibly execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id18775
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/18775
    titleSlackware 10.0 / 8.1 / 9.0 / 9.1 / current : libtiff (SSA:2004-305-02)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3897A2F81D5711D9BC4A000C41E2CDAD.NASL
    descriptionDmitry V. Levin discovered numerous integer overflow bugs in libtiff. Most of these bugs are related to memory management, and are believed to be exploitable for arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id37929
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/37929
    titleFreeBSD : tiff -- multiple integer overflows (3897a2f8-1d57-11d9-bc4a-000c41e2cdad)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_TIFF_361_2.NASL
    descriptionThe following package needs to be updated: fractorama
    last seen2016-09-26
    modified2004-10-18
    plugin id15504
    published2004-10-18
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=15504
    titleFreeBSD : tiff -- multiple integer overflows (193)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200412-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200412-02 (PDFlib: Multiple overflows in the included TIFF library) The TIFF library is subject to several known vulnerabilities (see GLSA 200410-11). Most of these overflows also apply to PDFlib. Impact : A remote attacker could entice a user or web application to process a carefully crafted PDF file or TIFF image using a PDFlib-powered program. This can potentially lead to the execution of arbitrary code with the rights of the program processing the file. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id15906
    published2004-12-05
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15906
    titleGLSA-200412-02 : PDFlib: Multiple overflows in the included TIFF library
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-354.NASL
    descriptionUpdated tetex packages that fix several integer overflows are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a typesetter-independent .dvi (DeVice Independent) file as output. A number of security flaws have been found affecting libraries used internally within teTeX. An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause teTeX to crash or possibly execute arbitrary code. A number of integer overflow bugs that affect Xpdf were discovered. The teTeX package contains a copy of the Xpdf code used for parsing PDF files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0888 and CVE-2004-1125 to these issues. A number of integer overflow bugs that affect libtiff were discovered. The teTeX package contains an internal copy of libtiff used for parsing TIFF image files and is therefore affected by these bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0803, CVE-2004-0804 and CVE-2004-0886 to these issues. Also latex2html is added to package tetex-latex for 64bit platforms. Users of teTeX should upgrade to these updated packages, which contain backported patches and are not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id21809
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21809
    titleCentOS 3 : tetex (CESA-2005:354)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-567.NASL
    descriptionSeveral problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash. The Common Vulnerabilities and Exposures Project has identified the following problems : - CAN-2004-0803 Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. - CAN-2004-0804 Matthias Clasen discovered a division by zero through an integer overflow. - CAN-2004-0886 Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption.
    last seen2020-06-01
    modified2020-06-02
    plugin id15665
    published2004-11-10
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15665
    titleDebian DSA-567-1 : tiff - heap overflows
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-577.NASL
    descriptionUpdated libtiff packages that fix various buffer and integer overflows are now available. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. All users are advised to upgrade to these errata packages, which contain fixes for these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id15629
    published2004-11-04
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/15629
    titleRHEL 2.1 / 3 : libtiff (RHSA-2004:577)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-021.NASL
    descriptionUpdated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team The kdegraphics package contains graphics applications for the K Desktop Environment. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id18017
    published2005-04-12
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18017
    titleRHEL 2.1 / 3 : kdegraphics (RHSA-2005:021)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD20041202.NASL
    descriptionThe remote host is missing Security Update 2004-12-02. This security update contains a number of fixes for the following programs : - Apache - Apache2 - AppKit - Cyrus IMAP - HIToolbox - Kerberos - Postfix - PSNormalizer - QuickTime Streaming Server - Safari - Terminal These programs contain multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id15898
    published2004-12-02
    reporterThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15898
    titleMac OS X Multiple Vulnerabilities (Security Update 2004-12-02)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2005-021.NASL
    descriptionUpdated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team The kdegraphics package contains graphics applications for the K Desktop Environment. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id21795
    published2006-07-03
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21795
    titleCentOS 3 : kdegraphics (CESA-2005:021)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-334.NASL
    descriptionThe libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0886 to this issue. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. All users are advised to upgrade to these errata packages, which contain fixes for these issues. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id15475
    published2004-10-15
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15475
    titleFedora Core 2 : libtiff-3.5.7-20.2 (2004-334)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2004-109.NASL
    descriptionSeveral vulnerabilities have been discovered in the libtiff package : Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CVE-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CVE-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. (CVE-2004-0886)
    last seen2020-06-01
    modified2020-06-02
    plugin id15523
    published2004-10-20
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15523
    titleMandrake Linux Security Advisory : libtiff (MDKSA-2004:109)

Oval

  • accepted2005-11-16T08:02:00.000-04:00
    classvulnerability
    contributors
    nameRobert L. Hollis
    organizationThreatGuard, Inc.
    descriptionMultiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
    familyunix
    idoval:org.mitre.oval:def:100116
    statusaccepted
    submitted2005-08-16T12:00:00.000-04:00
    titlelibtiff Malloc Error Denial of Service
    version36
  • accepted2013-04-29T04:23:14.435-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
      ovaloval:org.mitre.oval:def:11782
    • commentCentOS Linux 3.x
      ovaloval:org.mitre.oval:def:16651
    descriptionMultiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
    familyunix
    idoval:org.mitre.oval:def:9907
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleMultiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
    version26

Redhat

advisories
  • rhsa
    idRHSA-2004:577
  • rhsa
    idRHSA-2005:021
  • rhsa
    idRHSA-2005:354
rpms
  • libtiff-0:3.5.7-20.1
  • libtiff-debuginfo-0:3.5.7-20.1
  • libtiff-devel-0:3.5.7-20.1
  • kdegraphics-7:3.1.3-3.7
  • kdegraphics-debuginfo-7:3.1.3-3.7
  • kdegraphics-devel-7:3.1.3-3.7
  • tetex-0:1.0.7-67.7
  • tetex-afm-0:1.0.7-67.7
  • tetex-debuginfo-0:1.0.7-67.7
  • tetex-dvips-0:1.0.7-67.7
  • tetex-fonts-0:1.0.7-67.7
  • tetex-latex-0:1.0.7-67.7
  • tetex-xdvi-0:1.0.7-67.7