CVE-2004-0803

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Published: Dec 23, 2004
Updated: Nov 9, 2025
CVE: CVE-2004-0803
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
libtiff / libtiff	3.6.1	3.6.1.x
pdflib / pdf_library	5.0.2	5.0.2.x
wxgtk2 / wxgtk2	2.5_.0	2.5_.0.x
libtiff / libtiff	3.4	3.4.x
libtiff / libtiff	3.5.7	3.5.7.x
libtiff / libtiff	3.6.0	3.6.0.x
libtiff / libtiff	3.5.3	3.5.3.x
libtiff / libtiff	3.5.4	3.5.4.x
libtiff / libtiff	3.5.2	3.5.2.x
libtiff / libtiff	3.5.5	3.5.5.x
libtiff / libtiff	3.5.1	3.5.1.x
suse / suse_linux	9.0	9.0.x
redhat / enterprise_linux	2.1	2.1.x
redhat / fedora_core	core_2.0	core_2.0.x
apple / mac_os_x_server	10.3.2	10.3.2.x
apple / mac_os_x	10.2.5	10.2.5.x
trustix / secure_linux	2.0	2.0.x
apple / mac_os_x_server	10.2.2	10.2.2.x
redhat / enterprise_linux_desktop	3.0	3.0.x
apple / mac_os_x	10.2.7	10.2.7.x
apple / mac_os_x	10.2.8	10.2.8.x
apple / mac_os_x_server	10.2.4	10.2.4.x
redhat / linux_advanced_workstation	2.1	2.1.x
kde / kde	3.3.1	3.3.1.x
apple / mac_os_x	10.2.1	10.2.1.x
suse / suse_linux	8.2	8.2.x
redhat / enterprise_linux	3.0	3.0.x
apple / mac_os_x_server	10.3.5	10.3.5.x
apple / mac_os_x	10.3.1	10.3.1.x
suse / suse_linux	8	8.x
kde / kde	3.2.2	3.2.2.x
suse / suse_linux	1.0	1.0.x
kde / kde	3.2.1	3.2.1.x
apple / mac_os_x	10.3.5	10.3.5.x
apple / mac_os_x_server	10.3.3	10.3.3.x
apple / mac_os_x_server	10.2.7	10.2.7.x
apple / mac_os_x_server	10.2.3	10.2.3.x
apple / mac_os_x	10.2.4	10.2.4.x
apple / mac_os_x_server	10.3.4	10.3.4.x
trustix / secure_linux	1.5	1.5.x
apple / mac_os_x	10.3.2	10.3.2.x
apple / mac_os_x	10.2.2	10.2.2.x
apple / mac_os_x_server	10.2.5	10.2.5.x
suse / suse_linux	9.1	9.1.x
apple / mac_os_x	10.3.6	10.3.6.x
apple / mac_os_x_server	10.3	10.3.x
apple / mac_os_x_server	10.2.6	10.2.6.x
apple / mac_os_x_server	10.2	10.2.x
apple / mac_os_x_server	10.2.1	10.2.1.x
apple / mac_os_x_server	10.3.1	10.3.1.x
kde / kde	3.3	3.3.x
mandrakesoft / mandrake_linux	10.0	10.0.x
apple / mac_os_x	10.3.4	10.3.4.x
apple / mac_os_x	10.3.3	10.3.3.x
apple / mac_os_x	10.2.6	10.2.6.x
trustix / secure_linux	2.1	2.1.x
kde / kde	3.2	3.2.x
kde / kde	3.2.3	3.2.3.x
apple / mac_os_x	10.2.3	10.2.3.x
apple / mac_os_x_server	10.2.8	10.2.8.x
apple / mac_os_x	10.2	10.2.x
suse / suse_linux	8.1	8.1.x
apple / mac_os_x	10.3	10.3.x
apple / mac_os_x_server	10.3.6	10.3.6.x

Vulnerability Database

300,445

CVE-2004-0803

Deep Security Visibility Without the Complexity