fkie_cve-2005-1544
Vulnerability from fkie_nvd
Published
2005-05-14 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
References
cve@mitre.orgftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt
cve@mitre.orgftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt
cve@mitre.orghttp://bugs.gentoo.org/show_bug.cgi?id=91584Patch
cve@mitre.orghttp://bugzilla.remotesensing.org/show_bug.cgi?id=843
cve@mitre.orghttp://secunia.com/advisories/15320
cve@mitre.orghttp://secunia.com/advisories/16872
cve@mitre.orghttp://secunia.com/advisories/18289
cve@mitre.orghttp://secunia.com/advisories/18943
cve@mitre.orghttp://securitytracker.com/id?1013944
cve@mitre.orghttp://www.debian.org/security/2005/dsa-755
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:042
cve@mitre.orghttp://www.osvdb.org/16350
cve@mitre.orghttp://www.securityfocus.com/bid/13585
cve@mitre.orghttp://www.ubuntu.com/usn/usn-130-1
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/20533
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt
af854a3a-2127-422b-91ae-364da2661108ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=91584Patch
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.remotesensing.org/show_bug.cgi?id=843
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/15320
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/16872
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18289
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/18943
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1013944
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2005/dsa-755
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:042
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/16350
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/13585
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-130-1
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/20533
Impacted products
Vendor Product Version
libtiff libtiff 3.4
libtiff libtiff 3.5.1
libtiff libtiff 3.5.2
libtiff libtiff 3.5.3
libtiff libtiff 3.5.4
libtiff libtiff 3.5.5
libtiff libtiff 3.5.6
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.7.0
libtiff libtiff 3.7.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCA5EEB8-9D2C-49A9-BB08-CE5017B79D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FAE51-5207-4136-9FFE-2330A281266C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B32C83B9-F7DA-450A-A687-9A73734CD712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9485283A-B73E-4567-914A-42A86F5FFCB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95892168-0FB6-4E3F-9303-2F9B3CF60D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5021564-5E0A-4DDC-BC68-200B6050043E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C50750-FE1D-42BA-9125-7D8E872AA2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "19AA66E5-FDDD-4243-B945-DFEBDD25F258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F359CD-5DC4-4919-B8E1-95BDDBD27EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C8C550-3313-4266-B4B3-E9E9047CFE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABEEBA7B-81D5-4148-912B-9AD448BBE741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "448555FE-8E91-4EA7-BA05-6915F5508319",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag."
    }
  ],
  "id": "CVE-2005-1544",
  "lastModified": "2024-11-20T23:57:34.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-14T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=91584"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=843"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/15320"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/16872"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18289"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18943"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1013944"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2005/dsa-755"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:042"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/16350"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/13585"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-130-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.3/SCOSA-2006.3.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.34/SCOSA-2005.34.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=91584"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/15320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/16872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18289"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1013944"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/16350"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/13585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-130-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20533"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.\n",
      "lastModified": "2006-08-30T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.