CVE-2004-1307

Description

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
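The failure mode described above, a strip count multiplied by an element size that wraps to zero before allocation, shown next to an overflow-checked version. This is an added example, not libtiff's code: the function names and `size32_t` are hypothetical, and `size32_t` is an assumption that models the 32-bit `size_t` of an affected build so the wrap is reproducible on a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: stands in for size_t on a 32-bit build. */
typedef uint32_t size32_t;

/* Unchecked pattern: count * element size, computed modulo 2^32. */
size32_t strip_bytes_unchecked(uint32_t nstrips)
{
    return (size32_t)(nstrips * (uint32_t)sizeof(uint32_t));
}

/* Checked form: 0 on success with the size in *out, -1 if the count is
 * zero or the product would not fit in 32 bits. */
int strip_bytes_checked(uint32_t nstrips, size32_t *out)
{
    if (nstrips == 0 || nstrips > UINT32_MAX / sizeof(uint32_t))
        return -1;
    *out = nstrips * (uint32_t)sizeof(uint32_t);
    return 0;
}

/* Allocation that refuses a count whose byte size cannot be represented,
 * instead of handing back an undersized buffer. */
uint32_t *alloc_strip_array(uint32_t nstrips)
{
    size32_t nbytes;
    if (strip_bytes_checked(nstrips, &nbytes) != 0)
        return NULL;
    return calloc(1, nbytes);
}

int main(void)
{
    /* Constructed sample counts: one ordinary, two that wrap. */
    uint32_t counts[] = { 16u, 0x40000000u, 0x40000001u };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        size32_t n = 0;
        int rc = strip_bytes_checked(counts[i], &n);
        printf("nstrips=0x%08x unchecked=%u bytes checked=%s\n",
               (unsigned)counts[i],
               (unsigned)strip_bytes_unchecked(counts[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The same bound check applies to any count read from a file header before it is used as an allocation size or loop limit.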

Software | From | Fixed in
sun / sunos | 5.7 | 5.7.x
sun / sunos | 5.8 | 5.8.x
sun / solaris | 10.0 | 10.0.x
sun / solaris | 7.0 | 7.0.x
sun / solaris | 8.0 | 8.0.x
sun / solaris | 9.0 | 9.0.x
sun / solaris | 9.0-x86_update_2 | 9.0-x86_update_2.x
sco / unixware | 7.1.4 | 7.1.4.x
apple / mac_os_x | 10.3 | 10.3.x
apple / mac_os_x | 10.3.1 | 10.3.1.x
apple / mac_os_x | 10.3.2 | 10.3.2.x
apple / mac_os_x | 10.3.3 | 10.3.3.x
apple / mac_os_x | 10.3.4 | 10.3.4.x
apple / mac_os_x | 10.3.5 | 10.3.5.x
apple / mac_os_x | 10.3.6 | 10.3.6.x
apple / mac_os_x | 10.3.7 | 10.3.7.x
apple / mac_os_x | 10.3.8 | 10.3.8.x
apple / mac_os_x | 10.3.9 | 10.3.9.x
mandrakesoft / mandrake_linux | 10.0 | 10.0.x
mandrakesoft / mandrake_linux | 10.1 | 10.1.x
conectiva / linux | 10.0 | 10.0.x
conectiva / linux | 9.0 | 9.0.x
mandrakesoft / mandrake_linux_corporate_server | 3.0 | 3.0.x
apple / mac_os_x_server | 10.3 | 10.3.x
apple / mac_os_x_server | 10.3.1 | 10.3.1.x
apple / mac_os_x_server | 10.3.2 | 10.3.2.x
apple / mac_os_x_server | 10.3.3 | 10.3.3.x
apple / mac_os_x_server | 10.3.4 | 10.3.4.x
apple / mac_os_x_server | 10.3.5 | 10.3.5.x
apple / mac_os_x_server | 10.3.6 | 10.3.6.x
apple / mac_os_x_server | 10.3.7 | 10.3.7.x
apple / mac_os_x_server | 10.3.8 | 10.3.8.x
apple / mac_os_x_server | 10.3.9 | 10.3.9.x
gentoo / linux | - | -
sgi / propack | 3.0 | 3.0.x
avaya / modular_messaging_message_storage_server | 1.1 | 1.1.x
avaya / modular_messaging_message_storage_server | 2.0 | 2.0.x
avaya / cvlan | - | -
avaya / integrated_management | - | -
avaya / call_management_system_server | 11.0 | 11.0.x
avaya / call_management_system_server | 12.0 | 12.0.x
avaya / call_management_system_server | 13.0 | 13.0.x
avaya / call_management_system_server | 8.0 | 8.0.x
avaya / call_management_system_server | 9.0 | 9.0.x
libtiff / libtiff | 3.4 | 3.4.x
libtiff / libtiff | 3.5.1 | 3.5.1.x
libtiff / libtiff | 3.5.2 | 3.5.2.x
libtiff / libtiff | 3.5.3 | 3.5.3.x
libtiff / libtiff | 3.5.4 | 3.5.4.x
libtiff / libtiff | 3.5.5 | 3.5.5.x
libtiff / libtiff | 3.5.7 | 3.5.7.x
libtiff / libtiff | 3.6.0 | 3.6.0.x
libtiff / libtiff | 3.6.1 | 3.6.1.x
libtiff / libtiff | 3.7.0 | 3.7.0.x
avaya / intuity_audix_lx | - | -
avaya / mn100 | - | -
avaya / interactive_response | - | -
avaya / interactive_response | 1.2.1 | 1.2.1.x
avaya / interactive_response | 1.3 | 1.3.x
f5 / icontrol_service_manager | 1.3 | 1.3.x
f5 / icontrol_service_manager | 1.3.4 | 1.3.4.x
f5 / icontrol_service_manager | 1.3.5 | 1.3.5.x
f5 / icontrol_service_manager | 1.3.6 | 1.3.6.x