CVE-2004-1307

Current Description

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Basic Data

Published: December 21, 2004
Last Modified: October 30, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: true
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
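    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Avaya | Call Management System Server | 8.0 | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Call Management System Server | 9.0 | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Call Management System Server | 11.0 | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Call Management System Server | 12.0 | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Call Management System Server | 13.0 | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Cvlan | * | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Integrated Management | * | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Interactive Response | * | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Interactive Response | 1.2.1 | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Interactive Response | 1.3 | * | * | * | * | * | * | *
    2.3 | Application | Avaya | Intuity Audix Lx | * | * | * | * | * | * | * | *
    2.3 | Application | F5 | Icontrol Service Manager | 1.3 | * | * | * | * | * | * | *
    2.3 | Application | F5 | Icontrol Service Manager | 1.3.4 | * | * | * | * | * | * | *
    2.3 | Application | F5 | Icontrol Service Manager | 1.3.5 | * | * | * | * | * | * | *
    2.3 | Application | F5 | Icontrol Service Manager | 1.3.6 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.4 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.5.1 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.5.2 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.5.3 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.5.4 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.5.5 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.5.7 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.6.0 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.6.1 | * | * | * | * | * | * | *
    2.3 | Application | Libtiff | Libtiff | 3.7.0 | * | * | * | * | * | * | *
    2.3 | Application | Sgi | Propack | 3.0 | * | * | * | * | * | * | *
    2.3 | OS | Conectiva | Linux | 9.0 | * | * | * | * | * | * | *
    2.3 | OS | Conectiva | Linux | 10.0 | * | * | * | * | * | * | *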
  • OR - Configuration 2
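    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Avaya | Mn100 | * | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.1 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.2 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.3 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.4 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.5 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.6 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.7 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.8 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X | 10.3.9 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.1 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.2 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.3 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.4 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.5 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.6 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.7 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.8 | * | * | * | * | * | * | *
    2.3 | OS | Apple | Mac Os X Server | 10.3.9 | * | * | * | * | * | * | *
    2.3 | OS | Avaya | Modular Messaging Message Storage Server | 1.1 | * | * | * | * | * | * | *
    2.3 | OS | Avaya | Modular Messaging Message Storage Server | 2.0 | * | * | * | * | * | * | *
    2.3 | OS | Gentoo | Linux | * | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.0 | * | amd64 | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux | 10.1 | * | x86_64 | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | * | * | * | * | * | *
    2.3 | OS | Mandrakesoft | Mandrake Linux Corporate Server | 3.0 | * | x86_64 | * | * | * | * | *
    2.3 | OS | Sco | Unixware | 7.1.4 | * | * | * | * | * | * | *
    2.3 | OS | Sun | Solaris | 7.0 | * | x86 | * | * | * | * | *
    2.3 | OS | Sun | Solaris | 8.0 | * | x86 | * | * | * | * | *
    2.3 | OS | Sun | Solaris | 9.0 | * | sparc | * | * | * | * | *
    2.3 | OS | Sun | Solaris | 9.0 | * | x86 | * | * | * | * | *
    2.3 | OS | Sun | Solaris | 9.0 | x86_update_2 | * | * | * | * | * | *
    2.3 | OS | Sun | Solaris | 10.0 | * | sparc | * | * | * | * | *
    2.3 | OS | Sun | Solaris | 10.0 | * | x86 | * | * | * | * | *
    2.3 | OS | Sun | Sunos | 5.7 | * | * | * | * | * | * | *
    2.3 | OS | Sun | Sunos | 5.8 | * | * | * | * | * | * | *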

Vulnerable Software List

Vendor | Product | Versions
Avaya | Mn100 | *
Avaya | Integrated Management | *
Avaya | Interactive Response | *, 1.2.1, 1.3
Avaya | Cvlan | *
Avaya | Modular Messaging Message Storage Server | 1.1, 2.0
Avaya | Call Management System Server | 11.0, 12.0, 13.0, 8.0, 9.0
Avaya | Intuity Audix Lx | *
Apple | Mac Os X Server | 10.3, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9
Apple | Mac Os X | 10.3, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.3.8, 10.3.9
Conectiva | Linux | 10.0, 9.0
Libtiff | Libtiff | 3.4, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.7, 3.6.0, 3.6.1, 3.7.0
Sgi | Propack | 3.0
Mandrakesoft | Mandrake Linux | 10.0, 10.1
Mandrakesoft | Mandrake Linux Corporate Server | 3.0
Sun | Solaris | 10.0, 7.0, 8.0, 9.0
Sun | Sunos | 5.7, 5.8
F5 | Icontrol Service Manager | 1.3, 1.3.4, 1.3.5, 1.3.6
Sco | Unixware | 7.1.4
Gentoo | Linux | *

References

Name | Source | URL | Tags
APPLE-SA-2005-05-03 | APPLE | http://lists.apple.com/archives/security-announce/2005/May/msg00001.html | PATCH, Vendor Advisory
101677 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 |
201072 | SUNALERT | http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 |
20041221 libtiff STRIPOFFSETS Integer Overflow Vulnerability | IDEFENSE | http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true | PATCH, Vendor Advisory
VU#539110 | CERT-VN | http://www.kb.cert.org/vuls/id/539110 | PATCH, Third Party Advisory, US Government Resource
TA05-136A | CERT | http://www.us-cert.gov/cas/techalerts/TA05-136A.html | US Government Resource
oval:org.mitre.oval:def:11175 | OVAL | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 |