ID

VAR-200412-0902


CVE

CVE-2004-1307


TITLE

LibTIFF vulnerable to integer overflow via corrupted directory entry count

Trust: 0.8

sources: CERT/CC: VU#125598

DESCRIPTION

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. In the LibTIFF library, an integer overflow vulnerability exists because of a flaw in the validation of the value passed to the CheckMalloc() function, which performs memory allocation in the TIFFFetchStripThing() function. Arbitrary code may be executed with the privileges of the application that uses the library.

Trust: 3.87

sources: NVD: CVE-2004-1307 // CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // JVNDB: JVNDB-2004-000574 // VULHUB: VHN-9737

AFFECTED PRODUCTS

vendor: apple computer, model: -, scope: -, version: -

Trust: 2.4

vendor: red hat, model: -, scope: -, version: -

Trust: 1.6

vendor: sun, model: solaris, scope: eq, version: 7.0

Trust: 1.6

vendor: sun, model: solaris, scope: eq, version: 10.0

Trust: 1.6

vendor: sun, model: solaris, scope: eq, version: 8.0

Trust: 1.6

vendor: avaya, model: interactive response, scope: eq, version: *

Trust: 1.0

vendor: avaya, model: intuity audix lx, scope: eq, version: *

Trust: 1.0

vendor: sco, model: unixware, scope: eq, version: 7.1.4

Trust: 1.0

vendor: avaya, model: cvlan, scope: eq, version: *

Trust: 1.0

vendor: avaya, model: interactive response, scope: eq, version: 1.3

Trust: 1.0

vendor: avaya, model: call management system server, scope: eq, version: 9.0

Trust: 1.0

vendor: avaya, model: modular messaging message storage server, scope: eq, version: 1.1

Trust: 1.0

vendor: sun, model: solaris, scope: eq, version: 9.0

Trust: 1.0

vendor: avaya, model: interactive response, scope: eq, version: 1.2.1

Trust: 1.0

vendor: avaya, model: call management system server, scope: eq, version: 8.0

Trust: 1.0

vendor: avaya, model: integrated management, scope: eq, version: *

Trust: 1.0

vendor: conectiva, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: f5, model: icontrol service manager, scope: eq, version: 1.3.6

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.6.0

Trust: 1.0

vendor: f5, model: icontrol service manager, scope: eq, version: 1.3

Trust: 1.0

vendor: mandrakesoft, model: mandrake linux, scope: eq, version: 10.1

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.5.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.6

Trust: 1.0

vendor: avaya, model: mn100, scope: eq, version: *

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.6

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.5.3

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.6.1

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.5.1

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.5.7

Trust: 1.0

vendor: avaya, model: call management system server, scope: eq, version: 13.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.1

Trust: 1.0

vendor: avaya, model: modular messaging message storage server, scope: eq, version: 2.0

Trust: 1.0

vendor: mandrakesoft, model: mandrake linux, scope: eq, version: 10.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.5

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.1

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.4

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.4

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.5

Trust: 1.0

vendor: sgi, model: propack, scope: eq, version: 3.0

Trust: 1.0

vendor: avaya, model: call management system server, scope: eq, version: 11.0

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.4

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.7.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.7

Trust: 1.0

vendor: f5, model: icontrol service manager, scope: eq, version: 1.3.4

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.5.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.3

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.3

Trust: 1.0

vendor: conectiva, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.7

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.8

Trust: 1.0

vendor: sun, model: sunos, scope: eq, version: 5.8

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.8

Trust: 1.0

vendor: gentoo, model: linux, scope: eq, version: *

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3

Trust: 1.0

vendor: sun, model: sunos, scope: eq, version: 5.7

Trust: 1.0

vendor: libtiff, model: libtiff, scope: eq, version: 3.5.2

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3

Trust: 1.0

vendor: mandrakesoft, model: mandrake linux corporate server, scope: eq, version: 3.0

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.9

Trust: 1.0

vendor: f5, model: icontrol service manager, scope: eq, version: 1.3.5

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.3.2

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.9

Trust: 1.0

vendor: apple, model: mac os x server, scope: eq, version: 10.3.2

Trust: 1.0

vendor: avaya, model: call management system server, scope: eq, version: 12.0

Trust: 1.0

vendor: debian, model: -, scope: -, version: -

Trust: 0.8

vendor: freebsd, model: -, scope: -, version: -

Trust: 0.8

vendor: sun microsystems, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.3.9

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.3.9

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 10 (sparc)

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 10 (x86)

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 7.0 (sparc)

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 7.0 (x86)

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 8 (sparc)

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 8 (x86)

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 9 (sparc)

Trust: 0.8

vendor: sun microsystems, model: solaris, scope: eq, version: 9 (x86)

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 2.1 (as)

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 2.1 (es)

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 2.1 (ws)

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 3 (as)

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 3 (es)

Trust: 0.8

vendor: red hat, model: enterprise linux, scope: eq, version: 3 (ws)

Trust: 0.8

vendor: red hat, model: enterprise linux desktop, scope: eq, version: 3.0

Trust: 0.8

vendor: red hat, model: linux advanced workstation, scope: eq, version: 2.1

Trust: 0.8

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1307
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#125598
value: 7.75

Trust: 0.8

CARNEGIE MELLON: VU#356070
value: 22.31

Trust: 0.8

CARNEGIE MELLON: VU#539110
value: 5.04

Trust: 0.8

NVD: CVE-2004-1307
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200412-081
value: HIGH

Trust: 0.6

VULHUB: VHN-9737
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2004-1307
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-9737
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1307

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000574

PATCH

title: Security Update 2005-005, url: http://docs.info.apple.com/article.html?artnum=301528

Trust: 0.8

title: Security Update 2005-005, url: http://docs.info.apple.com/jarticle.html?artnum=301528

Trust: 0.8

title: RHSA-2004:577, url: https://rhn.redhat.com/errata/RHSA-2004-577.html

Trust: 0.8

title: 101677, url: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1

Trust: 0.8

title: RHSA-2004:577, url: http://www.jp.redhat.com/support/errata/RHSA/RHSA-2004-577J.html

Trust: 0.8

sources: JVNDB: JVNDB-2004-000574

EXTERNAL IDS

db: CERT/CC, id: VU#539110

Trust: 3.3

db: USCERT, id: TA05-136A

Trust: 2.5

db: NVD, id: CVE-2004-1307

Trust: 2.5

db: SECUNIA, id: 13607

Trust: 1.6

db: SECUNIA, id: 15227

Trust: 1.6

db: CERT/CC, id: VU#125598

Trust: 0.8

db: OSVDB, id: 16084

Trust: 0.8

db: BID, id: 13502

Trust: 0.8

db: CERT/CC, id: VU#356070

Trust: 0.8

db: SECTRACK, id: 1012651

Trust: 0.8

db: JVNDB, id: JVNDB-2004-000574

Trust: 0.8

db: CNNVD, id: CNNVD-200412-081

Trust: 0.7

db: CERT/CC, id: TA05-136A

Trust: 0.6

db: OVAL, id: OVAL:ORG.MITRE.OVAL:DEF:11175

Trust: 0.6

db: SUNALERT, id: 101677

Trust: 0.6

db: SUNALERT, id: 201072

Trust: 0.6

db: APPLE, id: APPLE-SA-2005-05-03

Trust: 0.6

db: IDEFENSE, id: 20041221 LIBTIFF STRIPOFFSETS INTEGER OVERFLOW VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-9737

Trust: 0.1

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

REFERENCES

url:http://www.us-cert.gov/cas/techalerts/ta05-136a.html

Trust: 2.5

url:http://www.kb.cert.org/vuls/id/539110

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2005/may/msg00001.html

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1

Trust: 1.7

url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1

Trust: 1.7

url:http://secunia.com/advisories/13607/

Trust: 1.6

url:http://secunia.com/advisories/15227/

Trust: 1.6

url:http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true

Trust: 1.6

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11175

Trust: 1.1

url:http://www.idefense.com/application/poi/display?id=174&type=vulnerabilities

Trust: 0.8

url:http://docs.info.apple.com/article.html?artnum=301528

Trust: 0.8

url:http://remahl.se/david/vuln/011/

Trust: 0.8

url:http://www.securityfocus.com/bid/13502/

Trust: 0.8

url:http://www.osvdb.org/displayvuln.php?osvdb_id=16084

Trust: 0.8

url:http://securitytracker.com/alerts/2004/dec/1012651.html

Trust: 0.8

url:http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1307

Trust: 0.8

url:http://www.jpcert.or.jp/wr/2005/wr052001.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnta05-136a/

Trust: 0.8

url:http://jvn.jp/tr/trta05-136a/

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1307

Trust: 0.8

url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:11175

Trust: 0.6

url:http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true

Trust: 0.1

sources: CERT/CC: VU#125598 // CERT/CC: VU#356070 // CERT/CC: VU#539110 // VULHUB: VHN-9737 // JVNDB: JVNDB-2004-000574 // CNNVD: CNNVD-200412-081 // NVD: CVE-2004-1307

CREDITS

Discovery credited to infamous41md[at]hotpop.com.

Trust: 0.6

sources: CNNVD: CNNVD-200412-081

SOURCES

db: CERT/CC, id: VU#125598
db: CERT/CC, id: VU#356070
db: CERT/CC, id: VU#539110
db: VULHUB, id: VHN-9737
db: JVNDB, id: JVNDB-2004-000574
db: CNNVD, id: CNNVD-200412-081
db: NVD, id: CVE-2004-1307

LAST UPDATE DATE

2024-11-23T21:23:44.479000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#125598, date: 2005-05-12T00:00:00
db: CERT/CC, id: VU#356070, date: 2005-05-16T00:00:00
db: CERT/CC, id: VU#539110, date: 2005-08-23T00:00:00
db: VULHUB, id: VHN-9737, date: 2018-10-30T00:00:00
db: JVNDB, id: JVNDB-2004-000574, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200412-081, date: 2009-02-05T00:00:00
db: NVD, id: CVE-2004-1307, date: 2018-10-30T16:26:22.763

SOURCES RELEASE DATE

db: CERT/CC, id: VU#125598, date: 2005-01-11T00:00:00
db: CERT/CC, id: VU#356070, date: 2005-05-06T00:00:00
db: CERT/CC, id: VU#539110, date: 2005-01-20T00:00:00
db: VULHUB, id: VHN-9737, date: 2004-12-21T00:00:00
db: JVNDB, id: JVNDB-2004-000574, date: 2007-04-01T00:00:00
db: CNNVD, id: CNNVD-200412-081, date: 2004-12-21T00:00:00
db: NVD, id: CVE-2004-1307, date: 2004-12-21T05:00:00