CVE-2004-0804: Divide By Zero in Libtiff

CWE-369: Divide By Zero | 12 documents | 6 sources
Severity
5.0 MEDIUM NVD
NVD 4.3, OSV 4.3
EPSS
19.2%
top 4.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 3
Latest update: May 1

Description

Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

NVD: libtiff/libtiff < 3.7.0 (+3)
debian: debian/tiff < tiff 3.6.1-2 (bookworm) (+1)

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-3qc8-39jf-7268: libtiff up to 3 (2022-05-01)
GHSA: GHSA-8mfw-4xw2-v3m5: Vulnerability in tif_dirread (2022-04-29)
OSV: CVE-2005-2452: libtiff up to 3 (2005-08-03)
OSV: CVE-2004-0804: Vulnerability in tif_dirread (2004-11-03)

📋 Vendor Advisories (3)

Debian: CVE-2005-2452: tiff - libtiff up to 3.7.0 allows remote attackers to cause a denial of service (applic... (2005)
Debian: CVE-2004-0804: tiff - Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a de... (2004)
Red Hat: security flaw (2002-03-15)

💬 Community (3)

Bugzilla: CVE-2004-0804 security flaw (2018-08-16)
Bugzilla: CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886) (2004-10-29)
Bugzilla: CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff (2004-10-29)