Lucene search
GoogleOSV:DSA-567-1HistoryOct 15, 2004 - 12:00 a.m.
tiff - heap overflows
2004-10-1500:00:00
Google
osv.dev
12
0.114 Low
EPSS
Percentile
95.3%
Several problems have been discovered in libtiff, the Tag Image File
Format library for processing TIFF graphics files. An attacker could
prepare a specially crafted TIFF graphic that would cause the client
to execute arbitrary code or crash. The Common Vulnerabilities and
Exposures Project has identified the following problems:
- CAN-2004-0803
Chris Evans discovered several problems in the RLE (run length
encoding) decoders that could lead to arbitrary code execution. - CAN-2004-0804
Matthias Clasen discovered a division by zero through an integer
overflow. - CAN-2004-0886
Dmitry V. Levin discovered several integer overflows that caused
malloc issues which can result to either plain crash or memory
corruption.
For the stable distribution (woody) these problems have been fixed in
version 3.5.5-6woody1.
For the unstable distribution (sid) these problems have been fixed in
version 3.6.1-2.
We recommend that you upgrade your libtiff package.
References
Related
debian
debian
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 17:51:16
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 17:51:16
nessus
nessus
Mandrake Linux Security Advisory : libtiff (MDKSA-2004:109)
2004-10-20 00:00:00
GLSA-200412-02 : PDFlib: Multiple overflows in the included TIFF library
2004-12-05 00:00:00
Slackware 10.0 / 8.1 / 9.0 / 9.1 / current : libtiff (SSA:2004-305-02)
2005-07-13 00:00:00
cert
cert
LibTIFF contains multiple integer overflows
2004-12-01 00:00:00
LibTIFF contains multiple heap-based buffer overflows
2004-12-01 00:00:00
LibTIFF vulnerable to denial-of-service condition
2004-12-01 00:00:00
gentoo
gentoo
kfax: Multiple overflows in the included TIFF library
2004-12-19 00:00:00
PDFlib: Multiple overflows in the included TIFF library
2004-12-05 00:00:00
tiff: Buffer overflows in image decoding
2004-10-13 00:00:00
slackware
slackware
[slackware-security] libtiff
2004-11-01 08:00:50
openvas
openvas
Gentoo Security Advisory GLSA 200412-02 (PDFlib)
2008-09-24 00:00:00
Slackware Advisory SSA:2004-305-02 libtiff
2012-09-11 00:00:00
Debian Security Advisory DSA 567-1 (tiff)
2008-01-17 00:00:00
securityvulns
securityvulns
KDE Security Advisory: kfax libtiff vulnerabilities
2004-12-10 00:00:00
[Full-Disclosure] [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library
2004-12-06 00:00:00
MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities
2004-10-22 00:00:00
redhat
redhat
(RHSA-2004:577) libtiff security update
2004-10-22 00:00:00
(RHSA-2005:021) kdegraphics security update
2005-04-12 00:00:00
(RHSA-2005:354) tetex security update
2005-04-01 00:00:00
centos
centos
kdegraphics security update
2005-04-12 23:05:10
tetex security update
2005-04-01 21:29:55
kdegraphics security update
2005-04-12 16:01:20
suse
suse
local privilege escalation in libtiff
2004-10-22 14:52:41
remote denial of service in kernel
2004-10-21 07:52:50
cve
cve
ubuntucve
ubuntucve
freebsd
freebsd
tiff -- multiple integer overflows
2004-10-13 00:00:00
tiff -- RLE decoder heap overflows
2004-10-13 00:00:00
tiff -- divide-by-zero denial-of-service
2002-03-27 00:00:00
debiancve
debiancve
nvd
nvd
cvelist
cvelist