Vulnerability Note VU#948752

LibTIFF contains multiple heap-based buffer overflows

Original Release date: 01 Dec 2004 | Last revised: 17 Mar 2005


LibTIFF contains multiple heap-based buffer overflows that may allow an attacker to execute arbitrary code or cause a denial-of-service condition.


LibTIFF is a library used to encode and decode images in Tag Image File Format (TIFF). Multiple LibTIFF routines contain buffer overflow vulnerabilities including, but not necessarily limited to, the following functions:

  • NeXTDecode (in libtiff/tif_next.c)
  • ThunderDecode (in libtiff/tif_thunder.c)
  • LogL16Decode (in libtiff/tif_luv.c)

These issues are the result of insufficient validation of user-supplied data. Consequently, a remote attacker may be able to exploit these vulnerabilities by supplying an application using LibTIFF with a specially crafted TIFF image.

Any program that uses the LibTIFF library may be affected by this issue. Users are encouraged to contact their vendors to determine if they are vulnerable.


Specific impacts depend on the application and LibTIFF routine being attacked. Potential consequences range from abrupt and abnormal program termination to the execution of arbitrary code with the privileges of the compromised program.


Apply Patch

Patch or upgrade as specified by your vendor. Users who suspect they are vulnerable are encouraged to check with their vendor to determine the appropriate action to take.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected01 Nov 200401 Dec 2004
DebianAffected01 Nov 200402 Nov 2004
NEC CorporationNot Affected01 Nov 200417 Mar 2005
BSDIUnknown-01 Nov 2004
ConectivaUnknown-01 Nov 2004
Cray Inc.Unknown-01 Nov 2004
EMC CorporationUnknown-01 Nov 2004
EngardeUnknown-01 Nov 2004
F5 NetworksUnknown-01 Nov 2004
FreeBSDUnknown-01 Nov 2004
FujitsuUnknown-01 Nov 2004
GentooUnknown-30 Nov 2004
Hewlett-Packard CompanyUnknown-01 Nov 2004
HitachiUnknown-01 Nov 2004
IBMUnknown-01 Nov 2004
If you are a vendor and your product is affected, let us know.View More »

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was reported by Thierry Carrez and discovered by Chris Evans.

This document was written by Jeff Gennari based on information provided by Gentoo Linux Security Advisory GLSA 200410-11.

Other Information

  • CVE IDs: CAN-2004-0803
  • Date Public: 13 Oct 2004
  • Date First Published: 01 Dec 2004
  • Date Last Updated: 17 Mar 2005
  • Severity Metric: 7.42
  • Document Revision: 79


If you have feedback, comments, or additional information about this vulnerability, please send us email.