CVE-2004-1307

Impact:
Moderate
Public Date:
2004-12-21
Bugzilla:
1617405: CVE-2004-1307 security flaw

The MITRE CVE dictionary describes this issue as:

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Find out more about CVE-2004-1307 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 2.1 (kdegraphics) RHSA-2005:021 2005-04-12
Red Hat Enterprise Linux 3 (libtiff) RHSA-2004:577 2004-10-22
Red Hat Enterprise Linux 3 (kdegraphics) RHSA-2005:021 2005-04-12
Red Hat Enterprise Linux 2.1 (libtiff) RHSA-2004:577 2004-10-22

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.