CVE-2004-1183

Name of the Vulnerable Software and Affected Versions libtiff versions 3.7.1 and earlier libtiff version 3.5.5

Description The issue is related to an integer overflow in the tiffdump utility, which can be exploited by remote attackers using a crafted TIFF file. This can lead to a denial of service, causing the application to crash, and potentially allow the execution of arbitrary code. Additionally, there are multiple vulnerabilities in the libtiff package that can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely.

Recommendations For libtiff versions 3.7.1 and earlier, update to a version later than 3.7.1 to resolve the issue. For libtiff version 3.5.5, consider disabling the tiffdump utility until a patch is available. Restrict access to crafted TIFF files to minimize the risk of exploitation.