CVE-2005-2452
published 2005-08-03CVE-2005-2452: libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value…
PriorityP412medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
1.94%
77.7th percentile
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.6.1-2 (bookworm) | tiff 3.6.1-2 (bookworm) |
| debian | tiff | < tiff 3.7.0-1 (bookworm) | tiff 3.7.0-1 (bookworm) |
| libtiff | libtiff | < 3.7.0 | 3.7.0 |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
| libtiff | libtiff | — | — |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3qc8-39jf-7268: libtiff up to 3
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2005-2452 [MEDIUM] GHSA-3qc8-39jf-7268: libtiff up to 3
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
GHSA
GHSA-8mfw-4xw2-v3m5: Vulnerability in tif_dirread
ghsa_unreviewed·2022-04-29·CVSS 5.0
CVE-2004-0804 [MEDIUM] CWE-369 GHSA-8mfw-4xw2-v3m5: Vulnerability in tif_dirread
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
OSV
CVE-2005-2452: libtiff up to 3
osv·2005-08-03·CVSS 4.3
CVE-2005-2452 [MEDIUM] CVE-2005-2452: libtiff up to 3
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
OSV
CVE-2004-0804: Vulnerability in tif_dirread
osv·2004-11-03·CVSS 4.3
CVE-2004-0804 [MEDIUM] CVE-2004-0804: Vulnerability in tif_dirread
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
Debian
CVE-2005-2452: tiff - libtiff up to 3.7.0 allows remote attackers to cause a denial of service (applic...
vendor_debian·2005·CVSS 4.3
CVE-2005-2452 [MEDIUM] CVE-2005-2452: tiff - libtiff up to 3.7.0 allows remote attackers to cause a denial of service (applic...
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
Scope: local
bookworm: resolved (fixed in 3.7.0-1)
bullseye: resolved (fixed in 3.7.0-1)
forky: resolved (fixed in 3.7.0-1)
sid: resolved (fixed in 3.7.0-1)
trixie: resolved (fixed in 3.7.0-1)
Debian
CVE-2004-0804: tiff - Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a de...
vendor_debian·2004·CVSS 4.3
CVE-2004-0804 [MEDIUM] CVE-2004-0804: tiff - Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a de...
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
Scope: local
bookworm: resolved (fixed in 3.6.1-2)
bullseye: resolved (fixed in 3.6.1-2)
forky: resolved (fixed in 3.6.1-2)
sid: resolved (fixed in 3.6.1-2)
trixie: resolved (fixed in 3.6.1-2)
Red Hat
security flaw
vendor_redhat·2002-03-15·CVSS 4.3
CVE-2004-0804 [MEDIUM] security flaw
security flaw
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
No detection rules found.
No public exploits indexed.
http://secunia.com/advisories/16266http://secunia.com/advisories/16486http://www.mandriva.com/security/advisories?name=MDKSA-2005:142http://www.mandriva.com/security/advisories?name=MDKSA-2005:143http://www.mandriva.com/security/advisories?name=MDKSA-2005:144http://www.securityfocus.com/bid/14417https://bugzilla.ubuntu.com/show_bug.cgi?id=12008https://usn.ubuntu.com/156-1/http://secunia.com/advisories/16266http://secunia.com/advisories/16486http://www.mandriva.com/security/advisories?name=MDKSA-2005:142http://www.mandriva.com/security/advisories?name=MDKSA-2005:143http://www.mandriva.com/security/advisories?name=MDKSA-2005:144http://www.securityfocus.com/bid/14417https://bugzilla.ubuntu.com/show_bug.cgi?id=12008https://usn.ubuntu.com/156-1/
2005-08-03
Published