CVE-2004-0886
published 2005-01-27CVE-2004-0886: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that…
PriorityP418medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
5.44%
91.7th percentile
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Affected
65 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
| apple | mac_os_x_server | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0MEDIUM
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
security flaw
vendor_redhat·2004-12-21·CVSS 5.0
CVE-2004-1307 [MEDIUM] security flaw
security flaw
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
Statement: This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html
Red Hat
security flaw
vendor_redhat·2004-10-13·CVSS 5.0
CVE-2004-0886 [MEDIUM] security flaw
security flaw
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Debian
CVE-2004-0886: tiff - Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers t...
vendor_debian·2004·CVSS 5.0
CVE-2004-0886 [MEDIUM] CVE-2004-0886: tiff - Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers t...
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Scope: local
bookworm: resolved (fixed in 3.6.1-2)
bullseye: resolved (fixed in 3.6.1-2)
forky: resolved (fixed in 3.6.1-2)
sid: resolved (fixed in 3.6.1-2)
trixie: resolved (fixed in 3.6.1-2)
GHSA
GHSA-j6h2-3q8p-c4j8: Multiple integer overflows in libtiff 3
ghsa_unreviewed·2022-04-29
CVE-2004-0886 [MEDIUM] GHSA-j6h2-3q8p-c4j8: Multiple integer overflows in libtiff 3
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
OSV
CVE-2004-0886: Multiple integer overflows in libtiff 3
osv·2005-01-27·CVSS 5.0
CVE-2004-0886 [MEDIUM] CVE-2004-0886: Multiple integer overflows in libtiff 3
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-1307 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-1307 [MEDIUM] CVE-2004-1307 security flaw
CVE-2004-1307 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
---
Statement:
This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html
Bugzilla
CVE-2004-0886 security flaw
bugzilla·2018-08-16·CVSS 5.0
CVE-2004-0886 [MEDIUM] CVE-2004-0886 security flaw
CVE-2004-0886 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Bugzilla
CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
bugzilla·2004-10-29
[MEDIUM] CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. teTeX contains an internal copy of
libtiff. An attacker who has the ability to trick a user into opening
a malicious TIFF file could cause the application linked to libtiff to
crash or possibly execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff
have been found. teTeX contains an internal copy of libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash
Bugzilla
CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff
bugzilla·2004-10-29
[MEDIUM] CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff
CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff
During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. teTeX contains an internal copy of
libtiff. An attacker who has the ability to trick a user into opening
a malicious TIFF file could cause the application linked to libtiff to
crash or possibly execute arbitrary code. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the names
CAN-2004-0886 and CAN-2004-0804 to these issues.
Additionally, a number of buffer overflow bugs that affect libtiff
have been found. teTeX contains an internal copy of libtiff. An
attacker who has the ability to trick a user into opening a malicious
TIFF file could cause the application linked to libtiff to crash or
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888http://marc.info/?l=bugtraq&m=109779465621929&w=2http://secunia.com/advisories/12818http://securitytracker.com/id?1011674http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1http://www.ciac.org/ciac/bulletins/p-015.shtmlhttp://www.debian.org/security/2004/dsa-567http://www.kb.cert.org/vuls/id/687568http://www.kde.org/info/security/advisory-20041209-2.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2004:109http://www.mandriva.com/security/advisories?name=MDKSA-2005:052http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlhttp://www.redhat.com/support/errata/RHSA-2004-577.htmlhttp://www.redhat.com/support/errata/RHSA-2005-021.htmlhttp://www.redhat.com/support/errata/RHSA-2005-354.htmlhttp://www.securityfocus.com/bid/11406http://www.trustix.org/errata/2004/0054/https://exchange.xforce.ibmcloud.com/vulnerabilities/17715https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888http://marc.info/?l=bugtraq&m=109779465621929&w=2http://secunia.com/advisories/12818http://securitytracker.com/id?1011674http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1http://www.ciac.org/ciac/bulletins/p-015.shtmlhttp://www.debian.org/security/2004/dsa-567http://www.kb.cert.org/vuls/id/687568http://www.kde.org/info/security/advisory-20041209-2.txthttp://www.mandriva.com/security/advisories?name=MDKSA-2004:109http://www.mandriva.com/security/advisories?name=MDKSA-2005:052http://www.novell.com/linux/security/advisories/2004_38_libtiff.htmlhttp://www.redhat.com/support/errata/RHSA-2004-577.htmlhttp://www.redhat.com/support/errata/RHSA-2005-021.htmlhttp://www.redhat.com/support/errata/RHSA-2005-354.htmlhttp://www.securityfocus.com/bid/11406http://www.trustix.org/errata/2004/0054/https://exchange.xforce.ibmcloud.com/vulnerabilities/17715https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100116https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9907
2005-01-27
Published