Vulnerability Name:

CVE-2004-0803 (CCN-17703)

Assigned:2004-10-13
Published:2004-10-13
Updated:2017-10-11
Summary:Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: SCO Security Advisory SCOSA-2005.19
UnixWare 7.1.4 : libtiff Multiple vulnerabilities

Source: CCN
Type: SGI Security Advisory 20050404-01-U
SGI Advanced Linux Environment 3 Security Update #35

Source: CCN
Type: Sun Alert ID: 57769
Multiple Security Vulnerabilities in libtiff(3)

Source: MITRE
Type: CNA
CVE-2004-0803

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:888
Fixes for libtiff vulnerabilities

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:888

Source: CCN
Type: AppleCare Knowledge Base Document 61798
Security Update 2004-12-02

Source: BUGTRAQ
Type: UNKNOWN
20041013 CESA-2004-006: libtiff

Source: CCN
Type: RHSA-2004-577
libtiff security update

Source: CCN
Type: RHSA-2005-021
kdegraphics security update

Source: CCN
Type: RHSA-2005-354
tetex security update

Source: MISC
Type: UNKNOWN
http://scary.beasts.org/security/CESA-2004-006.txt

Source: CCN
Type: SA12818
LibTIFF Multiple Image Decoder Parsing Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
12818

Source: CCN
Type: slackware-security Mailing List, Mon, 1 Nov 2004 00:00:50 -0800 (PST)
[slackware-security] libtiff (SSA:2004-305-02)

Source: SUNALERT
Type: UNKNOWN
101677

Source: CCN
Type: Sun Alert ID: 201072
Multiple Security Vulnerabilities in libtiff(3)

Source: SUNALERT
Type: UNKNOWN
201072

Source: CCN
Type: Avaya Security Advisory ASA-2005-002
Vulnerabilities in libtiff - (RHSA-2004-577)

Source: CCN
Type: CIAC Information Bulletin P-049
Apple Security Update 2004-12-02

Source: CCN
Type: CIAC INFORMATION BULLETIN P-171
SGI Advanced Linux Environment 3 Security Update #33

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-567

Source: DEBIAN
Type: DSA-567
tiff -- heap overflows

Source: CCN
Type: GLSA-200410-11
tiff: Buffer overflows in image decoding

Source: GENTOO
Type: UNKNOWN
GLSA-200410-11

Source: CCN
Type: GLSA-200412-02
PDFlib: Multiple overflows in the included TIFF library

Source: CCN
Type: GLSA-200412-17
kfax: Multiple overflows in the included TIFF library

Source: CCN
Type: US-CERT VU#948752
LibTIFF contains multiple heap-based buffer overflows

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#948752

Source: CCN
Type: KDE Security Advisory 2004-12-09
kfax libtiff vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://www.kde.org/info/security/advisory-20041209-2.txt

Source: CCN
Type: LibTIFF Web site
LibTIFF - TIFF Library and Utilities

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:109

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:052

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:038

Source: CCN
Type: OpenPKG-SA-2004.043
libtiff

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:577

Source: REDHAT
Type: UNKNOWN
RHSA-2005:021

Source: REDHAT
Type: UNKNOWN
RHSA-2005:354

Source: BID
Type: UNKNOWN
11406

Source: CCN
Type: BID-11406
LibTIFF Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0054
Multiple security vulnerabilities

Source: CCN
Type: TLSA-2005-4
Multiple vulnerabilities in libtiff

Source: XF
Type: UNKNOWN
libtiff-library-decoding-bo(17703)

Source: XF
Type: UNKNOWN
libtiff-library-decoding-bo(17703)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100114

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8896

Source: SUSE
Type: SUSE-SA:2004:037
kernel: remote denial of service

Source: SUSE
Type: SUSE-SA:2004:038
libtiff: local privilege escalation

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pdflib:pdf_library:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:wxgtk2:wxgtk2:2.5_.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:solaris:7.0::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:7.0::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:aw:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:10:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:2.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:mn100:*:*:*:*:*:*:*:*
  • OR cpe:/o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040803
    V
    		CVE-2004-0803
    2015-11-16
    oval:org.mitre.oval:def:8896
    V
    		Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
    2013-04-29
    oval:org.mitre.oval:def:100114
    V
    		libtiff RLE Decoder Buffer Overflow Vulnerabilities
    2005-11-16
    oval:com.redhat.rhsa:def:20050021
    P
    		RHSA-2005:021: kdegraphics security update (Moderate)
    2005-04-14
    oval:com.redhat.rhsa:def:20050354
    P
    		RHSA-2005:354: tetex security update (Moderate)
    2005-04-01
    oval:com.redhat.rhsa:def:20040577
    P
    		RHSA-2004:577: libtiff security update (Important)
    2004-10-22
    oval:org.debian:def:567
    V
    		heap overflows
    2004-10-15
    BACK
    libtiff libtiff 3.4
    libtiff libtiff 3.5.1
    libtiff libtiff 3.5.2
    libtiff libtiff 3.5.3
    libtiff libtiff 3.5.4
    libtiff libtiff 3.5.5
    libtiff libtiff 3.5.7
    libtiff libtiff 3.6.0
    libtiff libtiff 3.6.1
    pdflib pdf library 5.0.2
    wxgtk2 wxgtk2 2.5_.0
    apple mac os x 10.2
    apple mac os x 10.2.1
    apple mac os x 10.2.2
    apple mac os x 10.2.3
    apple mac os x 10.2.4
    apple mac os x 10.2.5
    apple mac os x 10.2.6
    apple mac os x 10.2.7
    apple mac os x 10.2.8
    apple mac os x 10.3
    apple mac os x 10.3.1
    apple mac os x 10.3.2
    apple mac os x 10.3.3
    apple mac os x 10.3.4
    apple mac os x 10.3.5
    apple mac os x 10.3.6
    apple mac os x server 10.2
    apple mac os x server 10.2.1
    apple mac os x server 10.2.2
    apple mac os x server 10.2.3
    apple mac os x server 10.2.4
    apple mac os x server 10.2.5
    apple mac os x server 10.2.6
    apple mac os x server 10.2.7
    apple mac os x server 10.2.8
    apple mac os x server 10.3
    apple mac os x server 10.3.1
    apple mac os x server 10.3.2
    apple mac os x server 10.3.3
    apple mac os x server 10.3.4
    apple mac os x server 10.3.5
    apple mac os x server 10.3.6
    kde kde 3.2
    kde kde 3.2.1
    kde kde 3.2.2
    kde kde 3.2.3
    kde kde 3.3
    kde kde 3.3.1
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux desktop 3.0
    redhat fedora core core_2.0
    redhat linux advanced workstation 2.1
    redhat linux advanced workstation 2.1
    suse suse linux 1.0
    suse suse linux 8
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    trustix secure linux 1.5
    trustix secure linux 2.0
    trustix secure linux 2.1
    sun solaris 7.0
    sun solaris 7.0
    sun solaris 8
    sun solaris 8
    sun solaris 9
    sun solaris 10
    sun solaris 10
    sun solaris 9
    debian debian linux 3.0
    slackware slackware linux 8.1
    openpkg openpkg current
    gentoo linux *
    suse suse linux 8.1
    suse linux enterprise server 8
    mandrakesoft mandrake multi network firewall 8.2
    slackware slackware linux current
    mandrakesoft mandrake linux corporate server 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    slackware slackware linux 9.0
    suse suse linux 8.2
    redhat enterprise linux 2.1
    conectiva linux 9.0
    trustix secure linux 2.0
    slackware slackware linux 9.1
    suse suse linux 9.0
    mandrakesoft mandrake linux 9.2
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    openpkg openpkg 2.0
    trustix secure linux 2.1
    mandrakesoft mandrake linux 10.0
    suse suse linux 9.1
    redhat enterprise linux 3
    conectiva linux 10
    openpkg openpkg 2.1
    slackware slackware linux 10.0
    mandrakesoft mandrake linux 10.1
    avaya mn100 *
    avaya modular messaging message storage server 1.1
    mandrakesoft mandrake linux corporate server 3.0
    redhat linux advanced workstation 2.1
    suse linux enterprise server 9
    mandrakesoft mandrake linux 10.1
    mandrakesoft mandrake linux corporate server 3.0
    turbolinux turbolinux home *
    mandrakesoft mandrake linux 9.2
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux corporate server 2.1