LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

BID:12173

Info

LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

Bugtraq ID: 12173
Class: Boundary Condition Error
CVE: CVE-2004-1183
Remote: Yes
Local: No
Published: Jan 05 2005 12:00AM
Updated: Jul 12 2009 09:27AM
Credit: Dmitry V. Levin is credited with the discovery of this issue.
Vulnerable: Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SGI ProPack 3.0
SCO Unixware 7.1.4
Redhat Fedora Core3
Redhat Fedora Core2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
LibTIFF LibTIFF 3.7.1
LibTIFF LibTIFF 3.7
+ Slackware Linux 10.0
+ Slackware Linux -current
LibTIFF LibTIFF 3.6.1
+ Gentoo Linux 1.4
+ Gentoo Linux
+ OpenPKG OpenPKG Current
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
LibTIFF LibTIFF 3.6 .0
LibTIFF LibTIFF 3.5.7
+ Redhat Fedora Core2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
LibTIFF LibTIFF 3.5.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
LibTIFF LibTIFF 3.5.4
LibTIFF LibTIFF 3.5.3
LibTIFF LibTIFF 3.5.2
LibTIFF LibTIFF 3.5.1
LibTIFF LibTIFF 3.4
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Integrated Management
Avaya CVLAN
Not Vulnerable:

Discussion

LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

It has been reported that 'tiffdump' is affected by a heap corruption vulnerability due to an integer overflow error that can be triggered when malicious or malformed image files are processed. Theoretically, an attacker can exploit this vulnerability to execute arbitrary code in the context of the affected application when TIFF image data is processed. Because image data is frequently external in origin, these vulnerabilities are considered remotely exploitable.

Exploit / POC

LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

Solution:
SCO has released an advisory (SCOSA-2005.19) and fixes to address this issue for UnixWare platforms. Please see the referenced advisory for further information.

RedHat has released two advisories called FEDORA-2005-597 and FEDORA-2005-598 to address this issue in Fedora Core 2 and 3. Please see the referenced advisories for further information.

Gentoo Linux has released advisory GLSA 200501-06 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=media-libs/tiff-3.7.1-r1"
Please see the referenced advisory for further information.

Debian GNU/Linux has released advisory DSA 626-1 to address this issue. Please see the referenced advisory for further information.

Ubuntu Linux has released advisory USN-54-1 to address this issue. Please see the referenced advisory for further information.

Mandrake has released advisory MDKSA-2005:001 to address various issues in libtiff. Please see the referenced advisory for more information.

Mandrake has released an advisory MDKSA-2005:002 to address various issues in wxGTK2. Please see the referenced advisory for more information.

SUSE has released advisory SUSE-SA:2005:001 to address various issues in libtiff. Please see the referenced advisory for more information.

Red Hat has released an advisory (RHSA-2005:019-11) to address issues in libtiff. Please see the advisory in Web references for more information.

TurboLinux has released a security announcement and fixes to address this and other vulnerabilities. Please see the referenced announcement for further information regarding obtaining and applying appropriate updates.

Conectiva had released advisory CLA-2005:920 to address various issues in libtiff3. Please see the referenced advisory for more information.

SGI has released advisory 20050101-01-U (SGI Advanced Linux Environment 3 Security Update #23) to address various issues in SGI Advanced Linux Environment 3. This advisory includes updated SGI ProPack 3 Service Pack 3 packages and patch 10137. Please see the referenced advisory for more information.

Avaya has released advisory ASA-2005-021 to document the affected versions of Avaya products. Please see the referenced advisory for further information.

Mandrake has released advisory MDKSA-2005:052 to address various issues affecting kdegraphics. Please see the referenced advisory for more information.


SGI ProPack 3.0

LibTIFF LibTIFF 3.5.5

LibTIFF LibTIFF 3.5.7

LibTIFF LibTIFF 3.6.1

SCO Unixware 7.1.4

References

LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report