Vulnerability Name:

CVE-2004-1183 (CCN-18782)

Assigned: 2004-12-13
Published: 2005-01-05
Updated: 2017-10-11
Summary: Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2004-1183

Source: CONECTIVA
Type: UNKNOWN
CLA-2005:920

Source: CCN
Type: About Web site
Linux / Unix Command: tiffdump

Source: BUGTRAQ
Type: UNKNOWN
20050106 [USN-54-1] TIFF library tool vulnerability

Source: CCN
Type: RHSA-2005-019
libtiff security update

Source: CCN
Type: RHSA-2005-035
libtiff security update

Source: CCN
Type: SA13728
LibTIFF Unspecified tiffdump Integer Overflow Vulnerability

Source: SECUNIA
Type: UNKNOWN
13728

Source: SECUNIA
Type: UNKNOWN
13776

Source: GENTOO
Type: Patch
GLSA-200501-06

Source: CCN
Type: CIAC Information Bulletin P-091
'tiff' Unsanitized Input Vulnerability

Source: DEBIAN
Type: UNKNOWN
DSA-626

Source: DEBIAN
Type: DSA-626
tiff -- unsanitised input

Source: CCN
Type: GLSA-200501-06
tiff: New overflows in image decoding

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:001

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:002

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:052

Source: SUSE
Type: Patch
SUSE-SA:2005:001

Source: REDHAT
Type: UNKNOWN
RHSA-2005:019

Source: REDHAT
Type: UNKNOWN
RHSA-2005:035

Source: BID
Type: UNKNOWN
12173

Source: CCN
Type: BID-12173
LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

Source: CCN
Type: TLSA-2005-4
Multiple vulnerabilities in libtiff

Source: CCN
Type: USN-54-1
TIFF library tool vulnerability

Source: XF
Type: UNKNOWN
libtiff-tiffdump-bo(18782)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9743

Source: SUSE
Type: SUSE-SA:2005:001
libtiff/tiff: remote system compromise

Vulnerable Configuration: Configuration 1:
  • cpe:/a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20041183 | V | CVE-2004-1183 | 2015-11-16
oval:org.mitre.oval:def:9743 | V | Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file. | 2013-04-29
oval:com.redhat.rhsa:def:20050035 | P | RHSA-2005:035: libtiff security update (Important) | 2005-02-15
oval:com.redhat.rhsa:def:20050019 | P | RHSA-2005:019: libtiff security update (Important) | 2005-01-13
oval:org.debian:def:626 | V | unsanitised input | 2005-01-06

    libtiff libtiff 3.4
    libtiff libtiff 3.5.1
    libtiff libtiff 3.5.2
    libtiff libtiff 3.5.3
    libtiff libtiff 3.5.4
    libtiff libtiff 3.5.5
    libtiff libtiff 3.5.6
    libtiff libtiff 3.5.7
    libtiff libtiff 3.6.0
    libtiff libtiff 3.6.1
    libtiff libtiff 3.7.0
    libtiff libtiff 3.7.1