History: May 04, 2005 - 4:00 a.m.

CVE-2004-1307

Published: 2005-05-04 04:00:00
Source: web.nvd.nist.gov
Tags: cve-2004-1307, libtiff, integer overflow, remote code execution, buffer overflow, heap-based overflow, tif_dirread.c

CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score: 7.7 High (Confidence: Low)

EPSS: 0.048 Low (Percentile: 92.8%)

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Affected configurations

NVD
Node (OR):
avaya call_management_system_server 8.0
avaya call_management_system_server 9.0
avaya call_management_system_server 11.0
avaya call_management_system_server 12.0
avaya call_management_system_server 13.0
avaya cvlan
avaya integrated_management
avaya interactive_response
avaya interactive_response 1.2.1
avaya interactive_response 1.3
avaya intuity_audix_lx
f5 icontrol_service_manager 1.3
f5 icontrol_service_manager 1.3.4
f5 icontrol_service_manager 1.3.5
f5 icontrol_service_manager 1.3.6
libtiff libtiff 3.4
libtiff libtiff 3.5.1
libtiff libtiff 3.5.2
libtiff libtiff 3.5.3
libtiff libtiff 3.5.4
libtiff libtiff 3.5.5
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.7.0
sgi propack 3.0
conectiva linux 9.0
conectiva linux 10.0

Node (OR):
avaya mn100
apple mac_os_x 10.3
apple mac_os_x 10.3.1
apple mac_os_x 10.3.2
apple mac_os_x 10.3.3
apple mac_os_x 10.3.4
apple mac_os_x 10.3.5
apple mac_os_x 10.3.6
apple mac_os_x 10.3.7
apple mac_os_x 10.3.8
apple mac_os_x 10.3.9
apple mac_os_x_server 10.3
apple mac_os_x_server 10.3.1
apple mac_os_x_server 10.3.2
apple mac_os_x_server 10.3.3
apple mac_os_x_server 10.3.4
apple mac_os_x_server 10.3.5
apple mac_os_x_server 10.3.6
apple mac_os_x_server 10.3.7
apple mac_os_x_server 10.3.8
apple mac_os_x_server 10.3.9
avaya modular_messaging_message_storage_server 1.1
avaya modular_messaging_message_storage_server 2.0
gentoo linux
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 10.0 amd64
mandrakesoft mandrake_linux 10.1
mandrakesoft mandrake_linux 10.1 x86_64
mandrakesoft mandrake_linux_corporate_server 3.0
mandrakesoft mandrake_linux_corporate_server 3.0 x86_64
sco unixware 7.1.4
sun solaris 7.0 x86
sun solaris 8.0 x86
sun solaris 9.0 sparc
sun solaris 9.0 x86
sun solaris 9.0 x86_update_2
sun solaris 10.0 sparc
sun solaris 10.0 x86
sun sunos 5.7
sun sunos 5.8
