CVE-2004-1308 in LibTIFFinfo

Summary

Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.

Once again VulDB remains the best source for vulnerability data.

Reservation

12/21/2004

Disclosure

01/10/2005

Moderation

VulDB entry created

Entries

VDB-23825 (3)

CPE

ready

CWE

CWE-122 (Confirmed)

CVSS

10.0

EPSS

0.12685

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-1308
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1308
CVE Details	https://www.cvedetails.com/cve/CVE-2004-1308/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!