Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote malicious users to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
avaya call management system server 13.0 |
||
avaya call management system server 8.0 |
||
f5 icontrol service manager 1.3 |
||
f5 icontrol service manager 1.3.4 |
||
libtiff libtiff 3.5.4 |
||
libtiff libtiff 3.5.5 |
||
conectiva linux 9.0 |
||
avaya call management system server 11.0 |
||
avaya call management system server 12.0 |
||
avaya interactive response 1.3 |
||
avaya intuity audix lx |
||
libtiff libtiff 3.5.2 |
||
libtiff libtiff 3.5.3 |
||
sgi propack 3.0 |
||
conectiva linux 10.0 |
||
avaya integrated management |
||
avaya interactive response |
||
avaya interactive response 1.2.1 |
||
libtiff libtiff 3.4 |
||
libtiff libtiff 3.5.1 |
||
libtiff libtiff 3.6.1 |
||
libtiff libtiff 3.7.0 |
||
avaya call management system server 9.0 |
||
avaya cvlan |
||
f5 icontrol service manager 1.3.5 |
||
f5 icontrol service manager 1.3.6 |
||
libtiff libtiff 3.5.7 |
||
libtiff libtiff 3.6.0 |
||
apple mac os x 10.3.6 |
||
apple mac os x 10.3.7 |
||
apple mac os x server 10.3.4 |
||
apple mac os x server 10.3.5 |
||
gentoo linux |
||
mandrakesoft mandrake linux 10.0 |
||
sun solaris 10.0 |
||
sun sunos 5.7 |
||
apple mac os x 10.3.4 |
||
apple mac os x 10.3.5 |
||
apple mac os x server 10.3.2 |
||
apple mac os x server 10.3.3 |
||
avaya modular messaging message storage server 1.1 |
||
avaya modular messaging message storage server 2.0 |
||
apple mac os x 10.3.2 |
||
apple mac os x 10.3.3 |
||
apple mac os x server 10.3 |
||
apple mac os x server 10.3.1 |
||
apple mac os x server 10.3.8 |
||
apple mac os x server 10.3.9 |
||
mandrakesoft mandrake linux corporate server 3.0 |
||
sun solaris 8.0 |
||
sun solaris 9.0 |
||
sco unixware 7.1.4 |
||
avaya mn100 |
||
apple mac os x 10.3 |
||
apple mac os x 10.3.1 |
||
apple mac os x 10.3.8 |
||
apple mac os x 10.3.9 |
||
apple mac os x server 10.3.6 |
||
apple mac os x server 10.3.7 |
||
mandrakesoft mandrake linux 10.1 |
||
sun solaris 7.0 |
||
sun sunos 5.8 |