Unrated severity · NVD Advisory · Published Jan 10, 2005 · Updated Jun 16, 2026
CVE-2004-1308
Description
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
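As an added example (not part of the advisory and not libtiff code), the Python check below walks a classic TIFF's directory chain and flags the entry shape the description names: a TIFF_ASCII or TIFF_UNDEFINED entry whose count is -1 (0xFFFFFFFF as stored). It also flags counts larger than the file, which goes beyond the advisory; `scan_tiff` and `build_sample` are hypothetical names and the sample bytes are constructed.

```python
import struct

TIFF_ASCII, TIFF_UNDEFINED = 2, 7   # one-byte field types named in the advisory
MINUS_ONE = 0xFFFFFFFF              # an entry count of -1 as stored (unsigned 32-bit)

def scan_tiff(data, max_ifds=64):
    """Return [(ifd_offset, tag, field_type, count, reason), ...] for flagged entries."""
    if len(data) < 8 or data[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF header")
    e = "<" if data[:2] == b"II" else ">"
    magic, ifd = struct.unpack_from(e + "HI", data, 2)
    if magic != 42:
        raise ValueError("not a classic TIFF (magic != 42)")
    hits, seen = [], set()
    # Walk the IFD chain; 'seen' and max_ifds stop looping offsets.
    while ifd and ifd not in seen and len(seen) < max_ifds:
        seen.add(ifd)
        if ifd + 2 > len(data):
            break
        (n,) = struct.unpack_from(e + "H", data, ifd)
        pos = ifd + 2
        for _ in range(n):
            if pos + 12 > len(data):
                return hits          # truncated directory: report what was seen
            tag, ftype, count, _value = struct.unpack_from(e + "HHII", data, pos)
            pos += 12
            if ftype in (TIFF_ASCII, TIFF_UNDEFINED):
                if count == MINUS_ONE:
                    hits.append((ifd, tag, ftype, count, "count is -1"))
                elif count > len(data):
                    hits.append((ifd, tag, ftype, count, "count exceeds file size"))
        if pos + 4 > len(data):
            break
        (ifd,) = struct.unpack_from(e + "I", data, pos)  # offset of next IFD, 0 ends
    return hits

def build_sample(count):
    """Constructed sample: little-endian TIFF, one IFD, ImageWidth + ImageDescription."""
    header = struct.pack("<2sHI", b"II", 42, 8)
    entries = struct.pack("<HHII", 256, 3, 1, 16)                # ImageWidth, SHORT
    entries += struct.pack("<HHII", 270, TIFF_ASCII, count, 38)  # ImageDescription
    return header + struct.pack("<H", 2) + entries + struct.pack("<I", 0) + b"sample\0"

if __name__ == "__main__":
    for hit in scan_tiff(build_sample(MINUS_ONE)):
        print(hit)
```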
Affected products
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- (no CPE) range: 3.5.7, 3.7.0
References
- www.idefense.com/application/poi/display (nvd: Exploit, Patch, Vendor Advisory)
- www.kb.cert.org/vuls/id/125598 (nvd: US Government Resource)
- www.us-cert.gov/cas/techalerts/TA05-136A.html (nvd: US Government Resource)
- distro.conectiva.com.br/atualizacoes/ (nvd)
- lists.apple.com/archives/security-announce/2005/May/msg00001.html (nvd)
- secunia.com/advisories/13776 (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- sunsolve.sun.com/search/document.do (nvd)
- www.debian.org/security/2004/dsa-617 (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.novell.com/linux/security/advisories/2005_01_libtiff_tiff.html (nvd)
- www.redhat.com/support/errata/RHSA-2005-019.html (nvd)
- www.redhat.com/support/errata/RHSA-2005-035.html (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/18637 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100117 (nvd)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9392 (nvd)