CVE-2005-2452 — Divide By Zero in Libtiff

CWE-369 — Divide By Zero10 documents6 sources

Severity

5.0MEDIUMNVD

NVD4.3OSV4.3

EPSS

1.3%

top 19.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libtiff Debian Tiff

Timeline

PublishedAug 3

Latest updateMay 1

Description

libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDlibtiff/libtiff< 3.7.0+3

▶debiandebian/tiff< tiff 3.6.1-2 (bookworm)+1

🔴Vulnerability Details

GHSA

GHSA-3qc8-39jf-7268: libtiff up to 3↗2022-05-01

▶

GHSA

GHSA-8mfw-4xw2-v3m5: Vulnerability in tif_dirread↗2022-04-29

▶

OSV

CVE-2005-2452: libtiff up to 3↗2005-08-03

▶

OSV

CVE-2004-0804: Vulnerability in tif_dirread↗2004-11-03

▶

📋Vendor Advisories

Debian

CVE-2005-2452: tiff - libtiff up to 3.7.0 allows remote attackers to cause a denial of service (applic...↗2005

▶

Debian

CVE-2004-0804: tiff - Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a de...↗2004

▶

Red Hat

security flaw↗2002-03-15

▶

💬Community

Bugzilla

CVE-2004-0804 security flaw↗2018-08-16

▶