published date: January 27, 2005

CVE-2004-0886 : Denial of Service Vulnerability

Description

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Product(s):

LibTIFF 3.4
LibTIFF 3.4 beta18
LibTIFF 3.4 beta24
LibTIFF 3.4 beta28
LibTIFF 3.4 beta29
LibTIFF 3.4 beta31
LibTIFF 3.4 beta32
LibTIFF 3.4 beta34
LibTIFF 3.4 beta35
LibTIFF 3.4 beta36
LibTIFF 3.4 beta37
LibTIFF 3.5.1
LibTIFF 3.5.2
LibTIFF 3.5.3
LibTIFF 3.5.4
LibTIFF 3.5.5
LibTIFF 3.5.7
LibTIFF 3.5.7 alpha2
LibTIFF 3.5.7 alpha3
LibTIFF 3.5.7 alpha4
LibTIFF 3.5.7 alpha
LibTIFF 3.5.7 beta
LibTIFF 3.6.0
LibTIFF 3.6.0 beta2
LibTIFF 3.6.0 beta
LibTIFF 3.6.1
PDFlib PDF Library 5.0.2
wxgtk2 wxgtk2
wxgtk2 wxgtk2 2.5_.0
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.8
Apple Mac OS X 10.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3
KDE 3.2.1
KDE 3.2.2
KDE KDE 3.2.3
KDE 3.2
KDE 3.3.1
KDE KDE 3.3
KDE 3.3 -
KDE 3.3 Beta 1
KDE 3.3 Beta 2
MandrakeSoft Mandrake Linux 10.0
Mandrakesoft Mandrake Linux 10.0 on AMD64
Red Hat Enterprise Linux 2.1 Advanced Server
Red Hat Enterprise Linux 2.1 Advanced Server IA64
Red Hat Enterprise Linux 2.1 Enterprise Server
Red Hat Enterprise Linux 2.1 Enterprise Server IA64
Red Hat Enterprise Linux 2.1 Workstation
Red Hat Enterprise Linux 2.1 Workstation IA64
Red Hat Enterprise Linux 3.0 Advanced Server Edition
Red Hat Enterprise Linux 3.0 Enterprise Server Edition
Red Hat Enterprise Linux 3.0 Workstation Server Edition
Red Hat Desktop 3.0
Red Hat Fedora Core Core 2.0
Red Hat Linux Advanced Workstation 2.1 on IA64
Red Hat Linux Advanced Workstation 2.1 on Itanium Processor
SUSE Linux 1.0 Desktop
SuSE SuSE Linux 8.1
SuSE SuSE Linux 8.2
SUSE SUSE Linux 8 Enterprise Server
SuSE SuSE Linux 9.0
Suse Suse Linux 9.0 Enterprise Server Edition
SuSE SuSE Linux 9.1
Trustix Secure Linux 1.5
Trustix Secure Linux 2.0
Trustix Secure Linux 2.1

CVSS:5 [Critical]
EPSS:10.99%
Exploitability:10
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2004-0886, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2004-0886 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2004-0886

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales