CVE-2004-1183 — Tiff vulnerability

9 documents7 sources

Severity

5.1MEDIUMNVD

EPSS

3.0%

top 13.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJan 6

Latest updateApr 29

Description

Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff12 versions+11

▶debiandebian/tiff< tiff 3.6.1-5 (bookworm)

Patches

Patch: security.gentoo.org ↗Patch: www.novell.com ↗Patch: security.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-hq62-22vf-mhg5: Integer overflow in the tiffdump utility for libtiff 3↗2022-04-29

▶

OSV

CVE-2004-1183: Integer overflow in the tiffdump utility for libtiff 3↗2005-01-06

▶

📋Vendor Advisories

Ubuntu

TIFF library tool vulnerability↗2005-01-07

▶

Red Hat

security flaw↗2005-01-05

▶

Debian

CVE-2004-1183: tiff - Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows re...↗2004

▶

💬Community

Bugzilla

CVE-2004-1183 security flaw↗2018-08-16

▶

Bugzilla

CVE-2004-1183 libtiff: tiffdump integer overflow↗2004-12-22

▶

Bugzilla

libtiff integer overflow.↗2004-12-22

▶