FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tiff -- RLE decoder heap overflows

Affected packages
tiff <= 3.6.1_1
linux-tiff < 3.6.1
pdflib < 6.0.1
pdflib-perl < 6.0.1
gdal < 1.2.1_2
ivtools < 1.2.3
paraview < 2.4.3
fractorama < 1.6.7_1
0 < iv
0 < ja-iv
0 < ja-libimg

Details

VuXML ID f6680c03-0bd8-11d9-8a8a-000c41e2cdad
Discovery 2004-10-13
Entry 2004-10-13
Modified 2006-06-08

Chris Evans discovered several heap buffer overflows in libtiff's RLE decoder. These overflows could be triggered by a specially-crafted TIFF image file, resulting in an application crash and possibly arbitrary code execution.

References

CERT/CC Vulnerability Note 948752
CVE Name CVE-2004-0803
URL http://scary.beasts.org/security/CESA-2004-006.txt