CVE-2005-1544
Description
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
- (no CPE) range: <3.7.2
Patches
Vulnerability mechanics
Root cause
"A stack-based buffer overflow vulnerability exists in libTIFF when processing a malformed BitsPerSample tag."
Attack vector
Remote attackers can trigger this vulnerability by providing a specially crafted TIFF file containing a malformed BitsPerSample tag [ref_id=1]. When the libTIFF library attempts to read and process this malformed tag, it can lead to a stack-based buffer overflow. This overflow can be exploited to overwrite critical data on the stack, potentially allowing an attacker to execute arbitrary code.
Affected code
The vulnerability lies within the libTIFF library, specifically in how it handles TIFF files with malformed BitsPerSample tags. The provided exploit code targets the `tiffinfo` utility, suggesting that the parsing logic within libTIFF is susceptible to this overflow [ref_id=1].
What the fix does
The advisory indicates that libTIFF versions prior to 3.7.2 are affected. The fix involves updating the libTIFF library to version 3.7.2 or later. This update is expected to correct the input validation or handling of the BitsPerSample tag, preventing the buffer overflow condition.
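The text above ties the overflow to a malformed BitsPerSample tag but does not say how the tag is malformed. As an added example (not libTIFF code and not taken from the advisory), the C function below screens the first IFD of an untrusted TIFF buffer and flags a BitsPerSample entry (tag 258) that departs from the TIFF 6.0 field definition: type SHORT with a count equal to SamplesPerPixel (tag 277, default 1). The function name, status codes and sample bytes are constructed for illustration.

```c
/* Added example, not libTIFF code: check the first IFD's BitsPerSample entry
 * (tag 258) against the TIFF 6.0 field definition (SHORT, count == SamplesPerPixel). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { BPS_OK, BPS_NOT_TIFF, BPS_TRUNCATED, BPS_BAD_TYPE, BPS_BAD_COUNT };
/* Constructed sample: little-endian TIFF, one IFD at offset 8, RGB 8/8/8. */
uint8_t SAMPLE[] = {
    'I','I', 42,0, 8,0,0,0,               /* header: byte order, magic, IFD offset */
    2,0,                                  /* two directory entries */
    0x02,0x01, 3,0, 3,0,0,0, 38,0,0,0,    /* 258 BitsPerSample, SHORT, count 3, offset 38 */
    0x15,0x01, 3,0, 1,0,0,0, 3,0,0,0,     /* 277 SamplesPerPixel, SHORT, count 1, value 3 */
    0,0,0,0,                              /* no further IFD */
    8,0, 8,0, 8,0 };                      /* the three BitsPerSample values */

/* Read an n-byte unsigned integer in the file's byte order. */
static uint32_t rd(const uint8_t *p, int n, int be) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (be ? n - 1 - i : i));
    return v;
}

int check_bits_per_sample(const uint8_t *buf, size_t len) {
    if (len < 8 || buf[0] != buf[1] || (buf[0] != 'I' && buf[0] != 'M'))
        return BPS_NOT_TIFF;
    int be = (buf[0] == 'M');                 /* "MM" = big-endian, "II" = little-endian */
    if (rd(buf + 2, 2, be) != 42) return BPS_NOT_TIFF;
    uint32_t ifd = rd(buf + 4, 4, be);
    if (ifd > len - 2) return BPS_TRUNCATED;
    uint32_t n = rd(buf + ifd, 2, be);
    if ((size_t)n * 12 > len - ifd - 2) return BPS_TRUNCATED;  /* never read past the buffer */
    uint32_t spp = 1, bps_type = 0, bps_count = 0;             /* SamplesPerPixel defaults to 1 */
    int have_bps = 0;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd + 2 + 12 * (size_t)i;     /* 12-byte directory entry */
        uint32_t tag = rd(e, 2, be), type = rd(e + 2, 2, be), count = rd(e + 4, 4, be);
        if (tag == 258) { have_bps = 1; bps_type = type; bps_count = count; }
        else if (tag == 277 && type == 3 && count == 1) spp = rd(e + 8, 2, be);
    }
    if (!have_bps) return BPS_OK;              /* tag absent: default of 1 bit applies */
    if (bps_type != 3) return BPS_BAD_TYPE;    /* field must be SHORT */
    return bps_count == spp ? BPS_OK : BPS_BAD_COUNT;
}

int main(void) {
    printf("sample verdict: %d\n", check_bits_per_sample(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

The check covers only the first IFD and is a pre-filter for files headed to an unpatched parser; it does not replace upgrading to libTIFF 3.7.2 or later.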
Preconditions
- input: The target system must be running a version of libTIFF prior to 3.7.2.
- input: The attacker must be able to provide a malformed TIFF file to the vulnerable application.
Reproduction
```bash
# Tested on LibTIFF 3.7.1
# Coded by Agustin Gianni (agustingianni at gmail.com) and Samelat

# Compile the exploit
make libtiff_exploit

# Execute the exploit
./libtiff_exploit /usr/local/bin/tiffinfo evil.tiff
```
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- bugs.gentoo.org/show_bug.cgi (nvd, Patch)
- ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt (nvd)
- ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt (nvd)
- bugzilla.remotesensing.org/show_bug.cgi (nvd)
- secunia.com/advisories/15320 (nvd)
- secunia.com/advisories/16872 (nvd)
- secunia.com/advisories/18289 (nvd)
- secunia.com/advisories/18943 (nvd)
- securitytracker.com/id (nvd)
- www.debian.org/security/2005/dsa-755 (nvd)
- www.gentoo.org/security/en/glsa/glsa-200505-07.xml (nvd)
- www.mandriva.com/security/advisories (nvd)
- www.osvdb.org/16350 (nvd)
- www.securityfocus.com/bid/13585 (nvd)
- www.ubuntu.com/usn/usn-130-1 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/20533 (nvd)