CVE-CVE-2004-1307 | UNKNOWN Severity | CVEDatabase.com

Description

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: partial
Integrity: partial
Availability: partial
Weaknesses: NVD-CWE-Other

Metadata

Primary Vendor: AVAYA
Published: 12/21/2004
Last Modified: 4/3/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

avaya : call_management_system_serveravaya : call_management_system_serveravaya : call_management_system_serveravaya : call_management_system_serveravaya : call_management_system_serveravaya : cvlanavaya : integrated_managementavaya : interactive_responseavaya : interactive_responseavaya : interactive_responseavaya : intuity_audix_lxf5 : icontrol_service_managerf5 : icontrol_service_managerf5 : icontrol_service_managerf5 : icontrol_service_managerlibtiff : libtifflibtiff : libtifflibtiff : libtifflibtiff : libtifflibtiff : libtifflibtiff : libtifflibtiff : libtifflibtiff : libtifflibtiff : libtifflibtiff : libtiffsgi : propackconectiva : linuxconectiva : linuxavaya : mn100apple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_xapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serverapple : mac_os_x_serveravaya : modular_messaging_message_storage_serveravaya : modular_messaging_message_storage_servergentoo : linuxmandrakesoft : mandrake_linuxmandrakesoft : mandrake_linuxmandrakesoft : mandrake_linuxmandrakesoft : mandrake_linuxmandrakesoft : mandrake_linux_corporate_servermandrakesoft : mandrake_linux_corporate_serversco : unixwaresun : solarissun : solarissun : solarissun : solarissun : solarissun : solarissun : solarissun : sunossun : sunos

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD