CVE-2004-0803
published 2004-12-23CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
8.27%
94.2th percentile
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
Affected
65 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2004-10-13·CVSS 7.5
CVE-2004-0803 [HIGH] security flaw
security flaw
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
Debian
CVE-2004-0803: tiff - Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3...
vendor_debian·2004·CVSS 7.5
CVE-2004-0803 [HIGH] CVE-2004-0803: tiff - Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3...
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
Scope: local
bookworm: resolved (fixed in 3.6.1-2)
bullseye: resolved (fixed in 3.6.1-2)
forky: resolved (fixed in 3.6.1-2)
sid: resolved (fixed in 3.6.1-2)
trixie: resolved (fixed in 3.6.1-2)
GHSA
GHSA-wmr8-3pg7-vqqp: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3
ghsa_unreviewed·2022-04-29
CVE-2004-0803 [HIGH] GHSA-wmr8-3pg7-vqqp: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
OSV
CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3
osv·2004-12-23·CVSS 7.5
CVE-2004-0803 [HIGH] CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0803 security flaw
bugzilla·2018-08-16·CVSS 7.5
CVE-2004-0803 [HIGH] CVE-2004-0803 security flaw
CVE-2004-0803 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
Bugzilla
CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
bugzilla·2004-10-29
[MEDIUM] CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. teTeX contains an internal copy of
libtiff. An attacker who has the ability to trick a user into opening
a malicious TIFF file could cause the application linked to libtiff to
crash or possibly execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff
have been found. teTeX contains an internal copy of libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash
Bugzilla
CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff
bugzilla·2004-10-29
[MEDIUM] CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff
CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. teTeX contains an internal copy of
libtiff. An attacker who has the ability to trick a user into opening
a malicious TIFF file could cause the application linked to libtiff to
crash or possibly execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff
have been found. teTeX contains an internal copy of libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash or
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888http://marc.info/?l=bugtraq&m=109778785107450&w=2http://scary.beasts.org/security/CESA-2004-006.txthttp://secunia.com/advisories/12818http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1http://www.debian.org/security/2004/dsa-567http://www.gentoo.org/security/en/glsa/glsa-200410-11.xmlhttp://www.kb.cert.org/vuls/id/948752http://www.kde.org/info/security/advisory-20041209-2.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2004:109http://www.mandriva.com/security/advisories?name=MDKSA-2005:052http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlhttp://www.redhat.com/support/errata/RHSA-2004-577.htmlhttp://www.redhat.com/support/errata/RHSA-2005-021.htmlhttp://www.redhat.com/support/errata/RHSA-2005-354.htmlhttp://www.securityfocus.com/bid/11406https://exchange.xforce.ibmcloud.com/vulnerabilities/17703https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888http://marc.info/?l=bugtraq&m=109778785107450&w=2http://scary.beasts.org/security/CESA-2004-006.txthttp://secunia.com/advisories/12818http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1http://www.debian.org/security/2004/dsa-567http://www.gentoo.org/security/en/glsa/glsa-200410-11.xmlhttp://www.kb.cert.org/vuls/id/948752http://www.kde.org/info/security/advisory-20041209-2.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2004:109http://www.mandriva.com/security/advisories?name=MDKSA-2005:052http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlhttp://www.redhat.com/support/errata/RHSA-2004-577.htmlhttp://www.redhat.com/support/errata/RHSA-2005-021.htmlhttp://www.redhat.com/support/errata/RHSA-2005-354.htmlhttp://www.securityfocus.com/bid/11406https://exchange.xforce.ibmcloud.com/vulnerabilities/17703https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896
2004-12-23
Published