Vulnerability CVE-2004-1307


Published: 2004-12-21   Modified: 2012-02-12

Description:
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Type:

CWE-Other

Vendor: Conectiva
Product: Linux 
Version: 9.0; 10.0;
Vendor: Avaya
Product: Call management system server 
Version:
9.0
8.0
13.0
12.0
11.0
Product: Modular messaging message storage server 
Version: 2.0; 1.1;
Product: Interactive response 
Version: 1.3; 1.2.1;
Product: Cvlan 
Product: Intuity audix lx 
Product: Integrated management 
Product: Mn100 
Vendor: SUN
Product: Solaris 
Version:
9.0
8.0
7.0
10.0
Product: Sunos 
Version: 5.8; 5.7;
Vendor: SCO
Product: Unixware 
Version: 7.1.4;
Vendor: Libtiff
Product: Libtiff 
Version:
3.7.0
3.6.1
3.6.0
3.5.7
3.5.5
3.5.4
3.5.3
3.5.2
3.5.1
3.4
Vendor: Mandrakesoft
Product: Mandrake linux corporate server 
Version: 3.0;
Product: Mandrake linux 
Version: 10.1; 10.0;
Vendor: SGI
Product: Propack 
Version: 3.0;
Vendor: Apple
Product: Mac os x server 
Version:
10.3.9
10.3.8
10.3.7
10.3.6
10.3.5
10.3.4
10.3.3
10.3.2
10.3.1
10.3
Product: Mac os x 
Version:
10.3.9
10.3.8
10.3.7
10.3.6
10.3.5
10.3.4
10.3.3
10.3.2
10.3.1
10.3
Vendor: F5
Product: Icontrol service manager 
Version:
1.3.6
1.3.5
1.3.4
1.3
Vendor: Gentoo
Product: Linux 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1
http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true
http://www.kb.cert.org/vuls/id/539110
http://www.us-cert.gov/cas/techalerts/TA05-136A.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175

Related CVE
CVE-2017-14483
flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file...
CVE-2017-14484
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
CVE-2004-2778
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or...
CVE-2014-9756
The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.
CVE-2014-9622
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
CVE-2014-9496
The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.
CVE-2013-2100
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a craf...
CVE-2014-4909
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bo...

Copyright 2019, cxsecurity.com

 

Back to Top