{"vuid":"VU#948752","idnumber":"948752","name":"LibTIFF contains multiple heap-based buffer overflows","keywords":["TIFF image","heap-based buffer overflow","arbitrary code execution","LibTIFF","denial-of-service","DoS"],"overview":"LibTIFF contains multiple heap-based buffer overflows that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.","clean_desc":"LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). Multiple LibTIFF routines contain buffer overflow vulnerabilities including, but not necessarily limited to, the following functions: NeXTDecode (in libtiff/tif_next.c)\nThunderDecode (in libtiff/tif_thunder.c)\nLogL16Decode (in libtiff/tif_luv.c) These issues are the result of insufficient validation of user-supplied data. Consequently, a remote attacker may be able to exploit these vulnerabilities by supplying an application using LibTIFF with a specially crafted TIFF image. Any program that uses the LibTIFF library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.","impact":"Specific impacts depend on the application and LibTIFF routine being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.","resolution":"Apply Patch Patch or upgrade as specified by your vendor. Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by Thierry Carrez and discovered by Chris Evans.","author":"This document was written by Jeff Gennari based on information provided by Gentoo Linux Security Advisory GLSA 200410-11.","public":["http://securitytracker.com/alerts/2004/Oct/1011667.html","http://scary.beasts.org/security/CESA-2004-006.txt","http://www.osvdb.org/displayvuln.php?osvdb_id=10750","http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0803"],"cveids":["CVE-2004-0803"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-10-13T15:17:55Z","publicdate":"2004-10-13T00:00:00Z","datefirstpublished":"2004-12-01T14:24:44Z","dateupdated":"2005-03-17T16:01:35Z","revision":83,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"16","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"11","cam_attackeraccessrequired":"10","cam_scorecurrent":"7.425","cam_scorecurrentwidelyknown":"8.91","cam_scorecurrentwidelyknownexploited":"16.335","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":7.425,"vulnote":null}