CVE-2004-0886

11 documents7 sources

Severity

5.0MEDIUM

EPSS

11.0%

top 6.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple MAC OS X Server KDE KDE +10 more

Timeline

PublishedJan 27

Latest updateApr 29

Description

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages13 packages

▶NVDlibtiff/libtiff9 versions+8

▶Debiantiff< 3.6.1-2+3

▶NVDkde/kde6 versions+5

▶NVDwxgtk2/wxgtk22.5_.0

▶NVDapple/mac_os_x16 versions+15

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: www.redhat.com ↗Patch: www.securityfocus.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-j6h2-3q8p-c4j8: Multiple integer overflows in libtiff 3↗2022-04-29

▶

OSV

CVE-2004-0886: Multiple integer overflows in libtiff 3↗2005-01-27

▶

CVEList

CVE-2004-0886: Multiple integer overflows in libtiff 3↗2004-10-26

▶

📋Vendor Advisories

Red Hat

security flaw↗2004-12-21

▶

Red Hat

security flaw↗2004-10-13

▶

Debian

CVE-2004-0886: tiff - Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers t...↗2004

▶

💬Community

Bugzilla

CVE-2004-0886 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-1307 security flaw↗2018-08-16

▶

Bugzilla

CAN-2004-0803 multiple issues in libtiff (CAN-2004-0804 CAN-2004-0886)↗2004-10-29

▶

Bugzilla

CAN-2004-0803 CAN-2004-0804 CAN-2004-0886 multiple issues in libtiff↗2004-10-29

▶