cbcvebase.
CVE-2004-1307
published 2004-12-21

CVE-2004-1307: Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with…

PriorityP336high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
6.34%
92.8th percentile
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Affected

57 ranges· showing 25
VendorProductVersion rangeFixed in
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
applemac_os_x_server
avayacall_management_system_server
avayacall_management_system_server
avayacall_management_system_server
avayacall_management_system_server
avayacall_management_system_server

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv7.5HIGH
vendor_debian7.5LOW
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.