PT-2005-1087 · Tiff+1 · Tiff+1

Tavis Ormandy

Published

2005-05-10

Updated

2017-07-11

CVE-2005-1544

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libTIFF versions prior to 3.7.2 tiff package versions prior to 3.7.2

Description The issue is related to a stack-based buffer overflow in libTIFF, which can be triggered by a TIFF file with a malformed BitsPerSample tag. This can allow remote attackers to execute arbitrary code. The exploitation of this issue may lead to a violation of confidentiality, integrity, and availability of protected information, and it can be exploited remotely.

Recommendations For libTIFF versions prior to 3.7.2, update to version 3.7.2 or later to resolve the issue. For tiff package versions prior to 3.7.2, update to version 3.7.2 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-09475

CVE-2005-1544

DSA-755-1

Affected Products

Libtiff

Tiff

PT-2005-1087 · Tiff+1 · Tiff+1

CVE-2005-1544

Related Identifiers

Affected Products

References · 23