CVE-2004-1307

Attack vector | NETWORK
Attack complexity | LOW
Privileges required | NONE
Confidentiality impact | PARTIAL
Integrity impact | PARTIAL
Availability impact | PARTIAL

Summary
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
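The size computation behind this CVE, as an added illustration in C that is not libtiff's own code: it models a directory-supplied strip count feeding a 32-bit byte-count multiply for the STRIPOFFSETS array (the 32-bit size type and the helper names are assumptions), shows the product wrapping to zero for a large count, and shows the bounds check that rejects such counts before anything is allocated.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added illustration, not libtiff code: the STRIPOFFSETS array is sized
 * as nstrips * 4 in a 32-bit size type (assumption modelling the 32-bit
 * tsize_t of the era), so a huge directory-supplied count wraps the
 * product and can request a zero-byte buffer. */
typedef uint32_t tsize32_t;      /* assumption: 32-bit size type */
#define STRIP_ENTRY_BYTES ((tsize32_t)sizeof(uint32_t))

/* Unchecked byte count: the wrapped product the vulnerable path would pass on. */
tsize32_t unchecked_strip_bytes(uint32_t nstrips)
{
    return (tsize32_t)(nstrips * STRIP_ENTRY_BYTES);
}

/* Hardened byte count: refuses a zero count or one whose product cannot be
 * represented. Returns 1 and stores the size on success, 0 otherwise. */
int checked_strip_bytes(uint32_t nstrips, tsize32_t *out)
{
    if (nstrips == 0 || nstrips > UINT32_MAX / STRIP_ENTRY_BYTES)
        return 0;
    *out = nstrips * STRIP_ENTRY_BYTES;
    return 1;
}

/* Allocates the strip-offset array only after the size check passes. */
uint32_t *alloc_strip_offsets(uint32_t nstrips)
{
    tsize32_t bytes;
    if (!checked_strip_bytes(nstrips, &bytes))
        return NULL;
    return (uint32_t *)malloc(bytes);
}

int main(void)
{
    /* Constructed counts: a sane file, and one where 4 * 2^30 wraps to 0. */
    uint32_t counts[] = { 8u, 0x40000000u };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        uint32_t *p = alloc_strip_offsets(counts[i]);
        printf("nstrips=%u unchecked=%u bytes, checked=%s\n", counts[i],
               unchecked_strip_bytes(counts[i]), p ? "allocated" : "rejected");
        free(p);
    }
    return 0;
}
```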
Vulnerable Configurations
Nessus
NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2005-002.NASL
description | Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities : iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag. iDefense also reported a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code. (CVE-2004-1308) The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. The updated packages are patched to protect against these vulnerabilities.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 16115
published | 2005-01-07
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/16115
title | Mandrake Linux Security Advisory : wxGTK2 (MDKSA-2005:002)
code |

#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:002.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(16115);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2004-1183", "CVE-2004-1307", "CVE-2004-1308");
  script_xref(name:"MDKSA", value:"2005:002");

  script_name(english:"Mandrake Linux Security Advisory : wxGTK2 (MDKSA-2005:002)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Several vulnerabilities have been discovered in the libtiff package;
wxGTK2 uses a libtiff code tree, so it may have the same
vulnerabilities :

iDefense reported the possibility of remote exploitation of an integer
overflow in libtiff that may allow for the execution of arbitrary
code. The overflow occurs in the parsing of TIFF files set with the
STRIPOFFSETS flag.

iDefense also reported a heap-based buffer overflow vulnerability
within the LibTIFF package could allow attackers to execute arbitrary
code. (CVE-2004-1308) The vulnerability specifically exists due to
insufficient validation of user-supplied data when calculating the
size of a directory entry.

The updated packages are patched to protect against these
vulnerabilities."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxgtk2.5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxgtk2.5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxgtk2.5_1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxgtk2.5_1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxgtkgl2.5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64wxgtkgl2.5_1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxgtk2.5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxgtk2.5-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxgtk2.5_1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxgtk2.5_1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxgtkgl2.5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libwxgtkgl2.5_1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wxGTK2.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/01/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/07");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Bail out early when the prerequisites for a local package check are missing.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# Compare installed package versions against the fixed releases.
flag = 0;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64wxgtk2.5-2.5.0-0.cvs20030817.1.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64wxgtk2.5-devel-2.5.0-0.cvs20030817.1.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"amd64", reference:"lib64wxgtkgl2.5-2.5.0-0.cvs20030817.1.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libwxgtk2.5-2.5.0-0.cvs20030817.1.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libwxgtk2.5-devel-2.5.0-0.cvs20030817.1.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", cpu:"i386", reference:"libwxgtkgl2.5-2.5.0-0.cvs20030817.1.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"wxGTK2.5-2.5.0-0.cvs20030817.1.5.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64wxgtk2.5_1-2.5.1-5.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64wxgtk2.5_1-devel-2.5.1-5.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"x86_64", reference:"lib64wxgtkgl2.5_1-2.5.1-5.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libwxgtk2.5_1-2.5.1-5.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libwxgtk2.5_1-devel-2.5.1-5.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", cpu:"i386", reference:"libwxgtkgl2.5_1-2.5.1-5.3.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"wxGTK2.5-2.5.1-5.3.101mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family | MacOS X Local Security Checks
NASL id | MACOSX_SECUPD2005-005.NASL
description | The remote host is missing Security Update 2005-005. This security update contains fixes for the following applications :
- Apache
- AppKit
- AppleScript
- Bluetooth
- Directory Services
- Finder
- Foundation
- HelpViewer
- LDAP
- libXpm
- lukemftpd
- NetInfo
- ServerAdmin
- sudo
- Terminal
- VPN
These programs have multiple vulnerabilities that could allow a remote attacker to execute arbitrary code.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 18189
published | 2005-05-03
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/18189
title | Mac OS X Multiple Vulnerabilities (Security Update 2005-005)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2004-577.NASL
description | Updated libtiff packages that fix various buffer and integer overflows are now available. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. TIFF is a widely used file format for bitmapped images. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause the application linked to libtiff to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. All users are advised to upgrade to these errata packages, which contain fixes for these issues.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 15629
published | 2004-11-04
reporter | This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/15629
title | RHEL 2.1 / 3 : libtiff (RHSA-2004:577)

NASL family | Mandriva Local Security Checks
NASL id | MANDRAKE_MDKSA-2005-001.NASL
description | Several vulnerabilities have been discovered in the libtiff package : iDefense reported the possibility of remote exploitation of an integer overflow in libtiff that may allow for the execution of arbitrary code. The overflow occurs in the parsing of TIFF files set with the STRIPOFFSETS flag. iDefense also reported a heap-based buffer overflow vulnerability within the LibTIFF package could allow attackers to execute arbitrary code. (CVE-2004-1308) The vulnerability specifically exists due to insufficient validation of user-supplied data when calculating the size of a directory entry. The updated packages are patched to protect against these vulnerabilities.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 16114
published | 2005-01-07
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/16114
title | Mandrake Linux Security Advisory : libtiff (MDKSA-2005:001)

NASL family | Red Hat Local Security Checks
NASL id | REDHAT-RHSA-2005-021.NASL
description | Updated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 18017
published | 2005-04-12
reporter | This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/18017
title | RHEL 2.1 / 3 : kdegraphics (RHSA-2005:021)

NASL family | CentOS Local Security Checks
NASL id | CENTOS_RHSA-2005-021.NASL
description | Updated kdegraphics packages that resolve multiple security issues in kfax are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdegraphics package contains graphics applications for the K Desktop Environment. During a source code audit, Chris Evans discovered a number of integer overflow bugs that affect libtiff. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2004-0886 and CVE-2004-0804 to these issues. Additionally, a number of buffer overflow bugs that affect libtiff have been found. The kfax application contains a copy of the libtiff code used for parsing TIFF files and is therefore affected by these bugs. An attacker who has the ability to trick a user into opening a malicious TIFF file could cause kfax to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0803 to this issue. Users of kfax should upgrade to these updated packages, which contain backported patches and are not vulnerable to this issue.
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 21795
published | 2006-07-03
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source | https://www.tenable.com/plugins/nessus/21795
title | CentOS 3 : kdegraphics (CESA-2005:021)

NASL family | Debian Local Security Checks
NASL id | DEBIAN_DSA-617.NASL
description | 'infamous41md
last seen | 2020-06-01
modified | 2020-06-02
plugin id | 16048
published | 2004-12-27
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source | https://www.tenable.com/plugins/nessus/16048
title | Debian DSA-617-1 : tiff - insufficient input validation
Oval
accepted | 2013-04-29T04:12:04.478-04:00
class | vulnerability
contributors |
definition_extensions |
description | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
family | unix
id | oval:org.mitre.oval:def:11175
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
version | 26
Redhat
rpms |
Statements
contributor | Tomas Hoger |
lastmodified | 2008-08-12 |
organization | Red Hat |
statement | This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html |
References
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
- http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
- http://www.kb.cert.org/vuls/id/539110
- http://www.us-cert.gov/cas/techalerts/TA05-136A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175