Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7003
HistoryOct 15, 2004 - 12:00 a.m.

[ GLSA 200410-11 ] tiff: Buffer overflows in image decoding

2004-10-1500:00:00
vulners.com
15

0.061 Low

EPSS

Percentile

93.6%

JSON

Gentoo Linux Security Advisory GLSA 200410-11

                                        http://security.gentoo.org/

Severity: Normal
Title: tiff: Buffer overflows in image decoding
Date: October 13, 2004
ID: 200410-11

Synopsis

Multiple heap-based overflows have been found in the tiff library image
decoding routines, potentially allowing to execute arbitrary code with
the rights of the user viewing a malicious image.

Background

The tiff library contains encoding and decoding routines for the Tag
Image File Format. It is called by numerous programs, including GNOME
and KDE, to help in displaying TIFF images. xv is a multi-format image
manipulation utility that is statically linked to the tiff library.

Affected packages

-------------------------------------------------------------------
 Package          /   Vulnerable   /                    Unaffected
-------------------------------------------------------------------

1 media-libs/tiff < 3.6.1-r2 >= 3.6.1-r2
2 media-gfx/xv <= 3.10a-r7 >= 3.10a-r8
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------

Description

Chris Evans found heap-based overflows in RLE decoding routines in
tif_next.c, tif_thunder.c and potentially tif_luv.c.

Impact

A remote attacker could entice a user to view a carefully crafted TIFF
image file, which would potentially lead to execution of arbitrary code
with the rights of the user viewing the image. This affects any program
that makes use of the tiff library, including GNOME and KDE web
browsers or mail readers.

Workaround

There is no known workaround at this time.

Resolution

All tiff library users should upgrade to the latest version:

# emerge sync

# emerge -pv &quot;&gt;=media-libs/tiff-3.6.1-r2&quot;
# emerge &quot;&gt;=media-libs/tiff-3.6.1-r2&quot;

xv makes use of the tiff library and needs to be recompiled to receive
the new patched version of the library. All xv users should also
upgrade to the latest version:

# emerge sync

# emerge -pv &quot;&gt;=media-gfx/xv-3.10a-r8&quot;
# emerge &quot;&gt;=media-gfx/xv-3.10a-r8&quot;

References

[ 1 ] CAN-2004-0803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200410-11.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

Related

debiancve 1
nvd 1
cvelist 1
gentoo 3
freebsd 1
cve 1
openvas 22
nessus 19
ubuntucve 1
debian 2
osv 1
securityvulns 3
cert 4
slackware 1
redhat 3
centos 3
suse 2
debiancve
debiancve
CVE-2004-0803
2004-12-23 05:00:00
nvd
nvd
CVE-2004-0803
2004-12-23 05:00:00
cvelist
cvelist
CVE-2004-0803
2004-10-26 04:00:00
gentoo
gentoo
tiff: Buffer overflows in image decoding
2004-10-13 00:00:00
kfax: Multiple overflows in the included TIFF library
2004-12-19 00:00:00
PDFlib: Multiple overflows in the included TIFF library
2004-12-05 00:00:00
freebsd
freebsd
tiff -- RLE decoder heap overflows
2004-10-13 00:00:00
cve
cve
CVE-2004-0803
2004-12-23 05:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200410-11 (tiff)
2008-09-24 00:00:00
FreeBSD Ports: tiff
2008-09-04 00:00:00
FreeBSD Ports: tiff
2008-09-04 00:00:00
nessus
nessus
FreeBSD : tiff -- RLE decoder heap overflows (f6680c03-0bd8-11d9-8a8a-000c41e2cdad)
2005-07-13 00:00:00
GLSA-200410-11 : tiff: Buffer overflows in image decoding
2004-10-14 00:00:00
Fedora Core 2 : kdegraphics-3.2.2-1.1 (2004-357)
2004-10-30 00:00:00
ubuntucve
ubuntucve
CVE-2004-0803
2004-12-23 00:00:00
debian
debian
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 17:51:16
[SECURITY] [DSA 567-1] New libtiff packages fix remote code execution
2004-10-15 17:51:16
osv
osv
tiff - heap overflows
2004-10-15 00:00:00
securityvulns
securityvulns
KDE Security Advisory: kfax libtiff vulnerabilities
2004-12-10 00:00:00
[Full-Disclosure] [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library
2004-12-06 00:00:00
MDKSA-2004:111 - Updated wxGTK2 packages fix vulnerabilities
2004-10-22 00:00:00
cert
cert
LibTIFF vulnerable to denial-of-service condition
2004-12-01 00:00:00
LibTIFF contains multiple integer overflows
2004-12-01 00:00:00
LibTIFF contains multiple heap-based buffer overflows
2004-12-01 00:00:00
slackware
slackware
[slackware-security] libtiff
2004-11-01 08:00:50
redhat
redhat
(RHSA-2004:577) libtiff security update
2004-10-22 00:00:00
(RHSA-2005:021) kdegraphics security update
2005-04-12 00:00:00
(RHSA-2005:354) tetex security update
2005-04-01 00:00:00
centos
centos
kdegraphics security update
2005-04-12 23:05:10
tetex security update
2005-04-01 21:29:55
kdegraphics security update
2005-04-12 16:01:20
suse
suse
remote denial of service in kernel
2004-10-21 07:52:50
local privilege escalation in libtiff
2004-10-22 14:52:41

0.061 Low

EPSS

Percentile

93.6%

JSON
Related for SECURITYVULNS:DOC:7003
debiancve1nvd1cvelist1gentoo3freebsd1cve1openvas22nessus19ubuntucve1debian2osv1securityvulns3cert4slackware1redhat3centos3suse2