CVE-2004-0803

libtiff - Remote Code Execution via RLE Decoder Buffer Overflow

Title source: llm

Description

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

References (20)

Core 20

Core References

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml

Patch, Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2004-577.html

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2004:109

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100114

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-021.html

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=109778785107450&w=2

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8896

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2004_38_libtiff.html

Various Sources x_refsource_misc

http://scary.beasts.org/security/CESA-2004-006.txt

Vendor Advisory vendor-advisory x_refsource_conectiva

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888

Vendor Advisory vendor-advisory x_refsource_mandrake

http://www.mandriva.com/security/advisories?name=MDKSA-2005:052

Various Sources x_refsource_confirm

http://www.kde.org/info/security/advisory-20041209-2.txt

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-354.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/12818

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/17703

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11406

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2004/dsa-567

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/948752

Scores

EPSS 0.1788

EPSS Percentile 95.2%

Details

Status published

Products (49)

apple/mac_os_x 10.2

apple/mac_os_x 10.2.1

apple/mac_os_x 10.2.2

apple/mac_os_x 10.2.3

apple/mac_os_x 10.2.4

apple/mac_os_x 10.2.5

apple/mac_os_x 10.2.6

apple/mac_os_x 10.2.7

apple/mac_os_x 10.2.8

apple/mac_os_x 10.3

... and 39 more

Published Dec 23, 2004

Tracked Since Feb 18, 2026