Unrated severityNVD Advisory· Published Dec 21, 2004· Updated Apr 16, 2026

CVE-2004-1307

Description

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Affected products

Avaya/Call Management System Server5 versions
cpe:2.3:a:avaya:call_management_system_server:11.0:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:avaya:call_management_system_server:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:call_management_system_server:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:call_management_system_server:13.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:call_management_system_server:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:call_management_system_server:9.0:*:*:*:*:*:*:*
Avaya/Cvlan
cpe:2.3:a:avaya:cvlan:*:*:*:*:*:*:*:*
Avaya/Integrated Management
cpe:2.3:a:avaya:integrated_management:*:*:*:*:*:*:*:*
Avaya/Interactive Response3 versions
cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:avaya:interactive_response:*:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:interactive_response:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:interactive_response:1.3:*:*:*:*:*:*:*
Avaya/Intuity Audix Lx
cpe:2.3:a:avaya:intuity_audix_lx:*:*:*:*:*:*:*:*
Avaya/Mn100
cpe:2.3:a:avaya:mn100:*:*:*:*:*:*:*:*
LibTIFF/Libtiff10 versions
cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
Sgi/Propack
cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:*
Apple Inc./Mac Os X10 versions
cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
Apple Inc./Mac Os X Server10 versions
cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
Avaya/Modular Messaging Message Storage Server2 versions
cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:avaya:modular_messaging_message_storage_server:1.1:*:*:*:*:*:*:*
- cpe:2.3:o:avaya:modular_messaging_message_storage_server:2.0:*:*:*:*:*:*:*
Conectiva/Linux2 versions
cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:conectiva:linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*
Gentoo/Linux
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
Mandrakesoft/Mandrake Linux4 versions
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*
Mandrakesoft/Mandrake Linux Corporate Server2 versions
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
SCO Group/Unixware
cpe:2.3:o:sco:unixware:7.1.4:*:*:*:*:*:*:*
Sun Corporation/Solaris7 versions
cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*+ 6 more
- cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:10.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*
Sun Corporation/Sunos2 versions
cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apple.com/archives/security-announce/2005/May/msg00001.htmlnvdPatchVendor Advisory
www.idefense.com/application/poi/displaynvdPatchVendor Advisory
www.kb.cert.org/vuls/id/539110nvdPatchThird Party AdvisoryUS Government Resource
www.us-cert.gov/cas/techalerts/TA05-136A.htmlnvdUS Government Resource
sunsolve.sun.com/search/document.donvd
sunsolve.sun.com/search/document.donvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000