SecurityTracker.com Archives - LibTIFF Integer Overflow in 'tif

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > LibTIFF

Vendors: libtiff.org

LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service

SecurityTracker Alert ID: 1011724

SecurityTracker URL: http://securitytracker.com/id?1011724

CVE Reference: CAN-2004-0804 (Links to External Site)

Date: Oct 15 2004

Impact: Denial of service via network

Version(s): 3.6.1

Description: A vulnerability was reported in LibTIFF. A remote user can cause an application using LibTIFF to crash.

Debian reported that Matthias Clasen discovered a division by zero error through an integer overflow. The flaw resides in 'libtiff/tif_dirread.c'.

Impact: A remote user can cause the target application to crash.

Solution: No upstream solution was available at the time of this entry.

Vendor URL: www.libtiff.org/ (Links to External Site)

Cause: Boundary error

Underlying OS: Linux (Any), UNIX (Any)

Message History: This archive entry has one or more follow-up message(s) listed below.

Oct 15 2004	(Debian Issues Fix) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (joey@infodrom.org (Martin Schulze)) Debian has released a fix.
Oct 20 2004	(Mandrake Issues Fix) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (Mandrake Linux Security Team <security@linux-mandrake.com>) Mandrake has issued a fix.
Oct 21 2004	(Mandrake Issues Fix for wxGTK2) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (Mandrake Linux Security Team <security@linux-mandrake.com>) Mandrake has released a fix for GTK2, which includes libtiff.
Oct 23 2004	(Red Hat Issues Fix) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (bugzilla@redhat.com) Red Hat has released a fix for Red Hat Enterprise Linux 2.1 and 3.
Nov 1 2004	(Slackware Issues Fix) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (Slackware Security Team <security@slackware.com>) Slackware has released a fix.
Nov 8 2004	(Conectiva Issues Fix) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (Conectiva Updates <secure@conectiva.com.br>) Conectiva has released a fix.
Dec 2 2004	(Apple Issues Fix for AppKit) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service Apple has issued a fix for AppKit, which is affected by the libtiff vulnerability.
Dec 6 2004	(Gentoo Issues Fix for PDFlib) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (Luke Macken <lewk@gentoo.org>) Gentoo has released a fix for PDFlib.
Dec 9 2004	(KDE Issues Fix for kfax) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (Dirk Mueller <mueller@kde.org>) KDE issues fix for KDE kfax, which is affected by the LibTIFF vulnerability.
Dec 19 2004	(Gentoo Describes Workaround for KDE kfax) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>) Gentoo has described a workaround for KDE kfax.
Apr 14 2005	(Red Hat Issues Fix for KDE graphics) LibTIFF Integer Overflow in 'tif_dirread' Lets Remote Users Deny Service (bugzilla@redhat.com) Red Hat has released a fix for KDE graphics.

Source Message Contents

Date: Fri, 15 Oct 2004 18:53:05 -0400
Subject: [none]

 
 
CVE: CAN-2004-0804
 
Debian reported that Matthias Clasen discovered a division by zero error through an 
integer overflow.  The flaw resides in 'libtiff/tif_dirread.c'

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2005, SecurityGlobal.net LLC