SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   Application (Multimedia)  >   LibTIFF Vendors:   libtiff.org
LibTIFF Integer Overflows Let Remote Users Crash the Application
SecurityTracker Alert ID:  1011674
SecurityTracker URL:  http://securitytracker.com/id/1011674
CVE Reference:   CVE-2004-0886   (Links to External Site)
Updated:  May 5 2009
Original Entry Date:  Oct 14 2004
Impact:   Denial of service via network


Description:   Some vulnerabilities were reported in LibTIFF. A remote user can cause an application using LibTIFF to crash.

Red Hat reported that a remote user can create a specially crafted image file that, when loaded by the target user, will trigger an integer overflow and cause LibTIFF to crash.

Dimitry Levin is credited with reporting this flaw.

Impact:   A remote user can cause the target application to crash.
Solution:   No upstream solution was available at the time of this entry.

Red Hat will be issuing fixes in 3.5.5-17 (RHEL2.1) and 3.5.7-20.1 (RHEL3).

Vendor URL:  www.libtiff.org/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 15 2004 (Fedora Issues Fix for FC2) LibTIFF Integer Overflows Let Remote Users Crash the Application
Fedora has released a fix for Fedora Core 2.
Oct 15 2004 (Debian Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application
Debian has released a fix.
Oct 16 2004 (Trustix Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application
Trustix has released a fix.
Oct 20 2004 (Mandrake Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application
Mandrake has issued a fix.
Oct 21 2004 (Mandrake Issues Fix for wxGTK2) LibTIFF Integer Overflows Let Remote Users Crash the Application
Mandrake has released a fix for GTK2, which includes libtiff.
Oct 23 2004 (Red Hat Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application
Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Oct 29 2004 (Fedroa Issues Fix for KDE on FC2) LibTIFF Integer Overflows Let Remote Users Crash the Application
Fedora has released a fix for kdegraphics on Fedora Core 2.
Nov 1 2004 (Slackware Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application
Slackware has released a fix.
Nov 8 2004 (Conectiva Issues Fix) LibTIFF Integer Overflows Let Remote Users Crash the Application
Conectiva has released a fix.
Dec 2 2004 (Apple Issues Fix for AppKit) LibTIFF Integer Overflows Let Remote Users Crash the Application
Apple has issued a fix for AppKit, which is affected by the libtiff vulnerability.
Dec 9 2004 (KDE Issues Fix for kfax) LibTIFF Integer Overflows Let Remote Users Crash the Application
KDE issues fix for KDE kfax, which is affected by the LibTIFF vulnerability.
Dec 19 2004 (Gentoo Describes Workaround for KDE kfax) LibTIFF Integer Overflows Let Remote Users Crash the Application
Gentoo has described a workaround for KDE kfax.
Apr 14 2005 (Red Hat Issues Fix for KDE graphics) LibTIFF Integer Overflows Let Remote Users Crash the Application
Red Hat has released a fix for KDE graphics.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC