CVE-2004-1308
Published 2005-01-10
Priority: P343 · critical · 10 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS: 14.97% (96.3th percentile)
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.6.1-4 (bookworm) | tiff 3.6.1-4 (bookworm) |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
CVSS provenance
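| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 10.0 | CRITICAL | |
| vendor_debian | | 10.0 | CRITICAL | |
| vendor_redhat | | 10.0 | CRITICAL | |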
GHSA
GHSA-6prx-h64j-5pw3: Integer overflow in (1) tif_dirread
ghsa_unreviewed·2022-04-29
CVE-2004-1308 [HIGH] GHSA-6prx-h64j-5pw3: Integer overflow in (1) tif_dirread
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
OSV
CVE-2004-1308: Integer overflow in (1) tif_dirread
osv·2005-01-10·CVSS 10.0
CVE-2004-1308 [CRITICAL] CVE-2004-1308: Integer overflow in (1) tif_dirread
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
Ubuntu
TIFF library vulnerability
vendor_ubuntu·2004-12-22
CVE-2004-1308 TIFF library vulnerability
Title: TIFF library vulnerability
Summary: TIFF library vulnerability
A buffer overflow was discovered in the TIFF library. A TIFF file
includes a value indicating the number of "directory entry" header
fields contained in the file. If this value is -1, an invalid memory
allocation was performed. A malicious image could be constructed
which, when decoded, would have resulted in execution of arbitrary
code with the privileges of the process using the library.
Since this library is used in many applications like "ghostscript" and
the "CUPS" printing system, this vulnerability may lead to remotely
induced privilege escalation.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2004-12-21·CVSS 10.0
CVE-2004-1308 [CRITICAL] security flaw
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
Debian
CVE-2004-1308: tiff - Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3...
vendor_debian·2004·CVSS 10.0
CVE-2004-1308 [CRITICAL] CVE-2004-1308: tiff - Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3...
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed in 3.6.1-4)
bullseye: resolved (fixed in 3.6.1-4)
forky: resolved (fixed in 3.6.1-4)
sid: resolved (fixed in 3.6.1-4)
trixie: resolved (fixed in 3.6.1-4)
No detection rules found.
No public exploits indexed.
arXiv
o-glasses: Visualizing x86 Code from Binary Using a 1d-CNN
arxiv_fulltext·2018-06-14
Authors: Yuhei Otsubo (1, 2), Akira Otsuka (2), Mamoru Mimura (3, 2), Takeshi Sakaki (4), Atsuhiro Goto (2)
(1) National Police Agency, Tokyo, Japan
(2) Institute of Information Security, Kanagawa, Japan
(3) National Defense Academy, Kanagawa, Japan
(4) The University of Tokyo, Tokyo, Japan
## Abstract
Malicious document files used in targeted attacks often contain a small program called shellcode.
It is often hard to prepare a runnable environment for dynamic analysis of these document files because they exploit specific vulnerabilities.
In these cases, it is necessary to identify the position of the shellcode in each document file to analyze it.
If the exploit code uses executable scripts such as JavaScript and Flash, it is not so hard to locate the s
Bugzilla
CVE-2004-1308 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-1308 [CRITICAL] CVE-2004-1308 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
References:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000920
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://secunia.com/advisories/13776
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
http://www.debian.org/security/2004/dsa-617
http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities
http://www.kb.cert.org/vuls/id/125598
http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
http://www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html
http://www.redhat.com/support/errata/RHSA-2005-019.html
http://www.redhat.com/support/errata/RHSA-2005-035.html
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/18637
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392
Published: 2005-01-10