Vulnerability Name:

CVE-2004-0886 (CCN-17715)

Assigned:2004-10-13
Published:2004-10-13
Updated:2017-10-11
Summary:Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: Sun Alert ID: 57769
Multiple Security Vulnerabilities in libtiff(3)

Source: MITRE
Type: CNA
CVE-2004-0886

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:888
Fixes for libtiff vulnerabilities

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:888

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2004.043

Source: CCN
Type: RHSA-2004-577
libtiff security update

Source: CCN
Type: RHSA-2005-021
kdegraphics security update

Source: CCN
Type: RHSA-2005-354
tetex security update

Source: CCN
Type: SA12818
LibTIFF Multiple Image Decoder Parsing Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
12818

Source: CCN
Type: SECTRACK ID: 1011674
LibTIFF Integer Overflows Let Remote Users Crash the Application

Source: SECTRACK
Type: UNKNOWN
1011674

Source: CCN
Type: slackware-security Mailing List, Mon, 1 Nov 2004 00:00:50 -0800 (PST)
[slackware-security] libtiff (SSA:2004-305-02)

Source: SUNALERT
Type: UNKNOWN
101677

Source: SUNALERT
Type: UNKNOWN
201072

Source: CCN
Type: Avaya Security Advisory ASA-2005-002
Vulnerabilities in libtiff - (RHSA-2004-577)

Source: CIAC
Type: UNKNOWN
P-015

Source: CCN
Type: CIAC Information Bulletin P-049
Apple Security Update 2004-12-02

Source: CCN
Type: CIAC INFORMATION BULLETIN P-171
SGI Advanced Linux Environment 3 Security Update #33

Source: DEBIAN
Type: UNKNOWN
DSA-567

Source: DEBIAN
Type: DSA-567
tiff -- heap overflows

Source: CCN
Type: GLSA-200412-02
PDFlib: Multiple overflows in the included TIFF library

Source: CCN
Type: GLSA-200412-17
kfax: Multiple overflows in the included TIFF library

Source: CCN
Type: US-CERT VU#687568
LibTIFF contains multiple integer overflows

Source: CERT-VN
Type: US Government Resource
VU#687568

Source: CONFIRM
Type: UNKNOWN
http://www.kde.org/info/security/advisory-20041209-2.txt

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:109

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:052

Source: SUSE
Type: UNKNOWN
SUSE-SA:2004:038

Source: CCN
Type: OpenPKG-SA-2004.043
libtiff

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:577

Source: REDHAT
Type: UNKNOWN
RHSA-2005:021

Source: REDHAT
Type: UNKNOWN
RHSA-2005:354

Source: BID
Type: Exploit, Patch, Vendor Advisory
11406

Source: CCN
Type: BID-11406
LibTIFF Multiple Buffer Overflow Vulnerabilities

Source: CCN
Type: Trustix Secure Linux Security Advisory #2004-0054
Multiple security vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2004-0054

Source: CCN
Type: TLSA-2005-4
Multiple vulnerabilities in libtiff

Source: XF
Type: UNKNOWN
libtiff-bo(17715)

Source: XF
Type: UNKNOWN
libtiff-bo(17715)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:100116

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9907

Source: SUSE
Type: SUSE-SA:2004:037
kernel: remote denial of service

Source: SUSE
Type: SUSE-SA:2004:038
libtiff: local privilege escalation

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:pdflib:pdf_library:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:wxgtk2:wxgtk2:*:*:*:*:*:*:*:*
  • OR cpe:/a:wxgtk2:wxgtk2:2.5_.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.3:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:fedora_core:core_2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:1.5:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:trustix:secure_linux:2.1:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040886
    V
    		CVE-2004-0886
    2015-11-16
    oval:org.mitre.oval:def:9907
    V
    		Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
    2013-04-29
    oval:org.mitre.oval:def:100116
    V
    		libtiff Malloc Error Denial of Service
    2005-11-16
    oval:com.redhat.rhsa:def:20050021
    P
    		RHSA-2005:021: kdegraphics security update (Moderate)
    2005-04-14
    oval:com.redhat.rhsa:def:20050354
    P
    		RHSA-2005:354: tetex security update (Moderate)
    2005-04-01
    oval:com.redhat.rhsa:def:20040577
    P
    		RHSA-2004:577: libtiff security update (Important)
    2004-10-22
    oval:org.debian:def:567
    V
    		heap overflows
    2004-10-15
    BACK
    libtiff libtiff 3.4
    libtiff libtiff 3.5.1
    libtiff libtiff 3.5.2
    libtiff libtiff 3.5.3
    libtiff libtiff 3.5.4
    libtiff libtiff 3.5.5
    libtiff libtiff 3.5.7
    libtiff libtiff 3.6.0
    libtiff libtiff 3.6.1
    pdflib pdf library 5.0.2
    wxgtk2 wxgtk2 *
    wxgtk2 wxgtk2 2.5_.0
    apple mac os x 10.2
    apple mac os x 10.2.1
    apple mac os x 10.2.2
    apple mac os x 10.2.3
    apple mac os x 10.2.4
    apple mac os x 10.2.5
    apple mac os x 10.2.6
    apple mac os x 10.2.7
    apple mac os x 10.2.8
    apple mac os x 10.3
    apple mac os x 10.3.1
    apple mac os x 10.3.2
    apple mac os x 10.3.3
    apple mac os x 10.3.4
    apple mac os x 10.3.5
    apple mac os x 10.3.6
    apple mac os x server 10.2
    apple mac os x server 10.2.1
    apple mac os x server 10.2.2
    apple mac os x server 10.2.3
    apple mac os x server 10.2.4
    apple mac os x server 10.2.5
    apple mac os x server 10.2.6
    apple mac os x server 10.2.7
    apple mac os x server 10.2.8
    apple mac os x server 10.3
    apple mac os x server 10.3.1
    apple mac os x server 10.3.2
    apple mac os x server 10.3.3
    apple mac os x server 10.3.4
    apple mac os x server 10.3.5
    apple mac os x server 10.3.6
    kde kde 3.2
    kde kde 3.2.1
    kde kde 3.2.2
    kde kde 3.2.3
    kde kde 3.3
    kde kde 3.3.1
    mandrakesoft mandrake linux 10.0
    mandrakesoft mandrake linux 10.0
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux desktop 3.0
    redhat fedora core core_2.0
    redhat linux advanced workstation 2.1
    redhat linux advanced workstation 2.1
    suse suse linux 1.0
    suse suse linux 8
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.0
    suse suse linux 9.1
    trustix secure linux 1.5
    trustix secure linux 2.0
    trustix secure linux 2.1