CVE-2005-1544

libTIFF <3.7.2 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Agustin Gianni · clocalmultiple

https://www.exploit-db.com/exploits/1554

View Code ZIP pw:eip

References (16)

[Third Party Advisory] http://www.debian.org/security/2005/dsa-755

[Issue Tracking] http://bugzilla.remotesensing.org/show_bug.cgi?id=843

[Third Party Advisory] http://secunia.com/advisories/18289

[Third Party Advisory] http://secunia.com/advisories/16872

[Third Party Advisory] http://secunia.com/advisories/15320

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/20533

[Third Party Advisory] http://secunia.com/advisories/18943

[Third Party Advisory, VDB Entry] http://www.osvdb.org/16350

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1013944

[Third Party Advisory] http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2006:042

[Vendor Advisory] http://www.ubuntu.com/usn/usn-130-1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/13585

[Various Sources] ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt

[Patch] http://bugs.gentoo.org/show_bug.cgi?id=91584

[Various Sources] ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt

Scores

EPSS 0.1565

EPSS Percentile 94.7%

Details

Status published

Products (12)

libtiff/libtiff 3.4

libtiff/libtiff 3.5.1

libtiff/libtiff 3.5.2

libtiff/libtiff 3.5.3

libtiff/libtiff 3.5.4

libtiff/libtiff 3.5.5

libtiff/libtiff 3.5.6

libtiff/libtiff 3.5.7

libtiff/libtiff 3.6.0

libtiff/libtiff 3.6.1

... and 2 more

Published May 14, 2005

Tracked Since Feb 18, 2026