CVE-2004-0929Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtiff

3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
8.2%
top 7.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LibtiffSuse Linux
Timeline
PublishedJan 27
Latest updateApr 29

Description

Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

NVDlibtiff/libtiff3.6.1
NVDsuse/suse_linux6 versions+5

Patches

Patch: www.idefense.comPatch: www.idefense.com

🔴Vulnerability Details

2
GHSA
GHSA-jf9r-74qm-gqm9: Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg2022-04-29
CVEList
CVE-2004-0929: Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg2004-10-26
CVE-2004-0929 — Libtiff vulnerability | cvebase