CVE-2004-0803

9 documents7 sources

Severity

7.5HIGH

EPSS

17.9%

top 4.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server KDE KDE +10 more

Timeline

PublishedDec 23

Latest updateApr 29

Description

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages13 packages

▶NVDlibtiff/libtiff9 versions+8

▶Debiantiff< 3.6.1-2+3

▶NVDkde/kde6 versions+5

▶NVDwxgtk2/wxgtk22.5_.0

▶NVDapple/mac_os_x16 versions+15

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: www.debian.org ↗Patch: www.redhat.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-wmr8-3pg7-vqqp: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3↗2022-04-29

▶

OSV

CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3↗2004-12-23

▶

CVEList

CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3↗2004-10-26

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-10-13

▶

Debian

CVE-2004-0803: tiff - Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3...↗2004

▶

💬Community

Bugzilla

CVE-2004-0803 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)↗2004-10-29

▶

Bugzilla

CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff↗2004-10-29

▶