medium
5
CWE
NVD-CWE-Other 190
Advisory Published
Updated

CVE-2004-0886: Integer Overflow

First published: Tue Oct 26 2004(Updated: )

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
tiff=3.6.1
wxGTK2
PDFlib=5.0.2
wxGTK2=2.5_.0
tiff=3.4
tiff=3.5.7
tiff=3.6.0
tiff=3.5.3
tiff=3.5.4
tiff=3.5.2
tiff=3.5.5
tiff=3.5.1
SUSE Linux=9.0
Red Hat Enterprise Linux=2.1
Red Hat Fedora Core=core_2.0
Apple macOS Server=10.3.2
Apple iOS and macOS=10.2.5
Trustix Secure Linux=2.0
Apple macOS Server=10.2.2
Red Hat Enterprise Linux Desktop=3.0
SUSE Linux=9.0
Apple iOS and macOS=10.2.7
Apple iOS and macOS=10.2.8
Apple macOS Server=10.2.4
Red Hat Linux Advanced Workstation=2.1
KDE Kde Beta 3=3.3.1
Apple iOS and macOS=10.2.1
SUSE Linux=8.2
Red Hat Enterprise Linux=3.0
Red Hat Enterprise Linux=2.1
Apple macOS Server=10.3.5
Apple iOS and macOS=10.3.1
SUSE Linux=8
KDE Kde Beta 3=3.2.2
SUSE Linux=1.0
KDE Kde Beta 3=3.2.1
Apple iOS and macOS=10.3.5
Apple macOS Server=10.3.3
Red Hat Enterprise Linux=2.1
Apple macOS Server=10.2.7
Apple macOS Server=10.2.3
Apple iOS and macOS=10.2.4
Apple macOS Server=10.3.4
Trustix Secure Linux=1.5
Apple iOS and macOS=10.3.2
Apple iOS and macOS=10.2.2
Apple macOS Server=10.2.5
Red Hat Linux Advanced Workstation=2.1
SUSE Linux=9.1
Apple iOS and macOS=10.3.6
Apple macOS Server=10.3
Apple macOS Server=10.2.6
Red Hat Enterprise Linux=3.0
Apple macOS Server=10.2
Red Hat Enterprise Linux=2.1
Apple macOS Server=10.2.1
Apple macOS Server=10.3.1
KDE Kde Beta 3=3.3
Mandrake Linux=10.0
Apple iOS and macOS=10.3.4
Red Hat Enterprise Linux=2.1
Apple iOS and macOS=10.3.3
Apple iOS and macOS=10.2.6
Trustix Secure Linux=2.1
KDE Kde Beta 3=3.2
KDE Kde Beta 3=3.2.3
Apple iOS and macOS=10.2.3
Apple macOS Server=10.2.8
Apple iOS and macOS=10.2
SUSE Linux=8.1
Apple iOS and macOS=10.3
Red Hat Enterprise Linux=2.1
Apple macOS Server=10.3.6
Mandrake Linux=10.0
Red Hat Enterprise Linux=3.0

Remedy

http://www.redhat.com/support/errata/RHSA-2004-577.html

Remedy

http://www.securityfocus.com/bid/11406

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2004-0886?

    CVE-2004-0886 has a severity rating that could lead to denial of service through crashes or memory corruption.

  • How do I fix CVE-2004-0886?

    To fix CVE-2004-0886, upgrade to versions of libtiff later than 3.6.1 that have patched the integer overflow vulnerabilities.

  • What systems are affected by CVE-2004-0886?

    CVE-2004-0886 affects libtiff versions 3.6.1 and earlier as well as several applications using vulnerable versions of libtiff.

  • How can CVE-2004-0886 be exploited?

    CVE-2004-0886 can be exploited by remote attackers through specially crafted TIFF images that trigger integer overflows.

  • Is there a known workaround for CVE-2004-0886?

    There are no known effective workarounds for CVE-2004-0886, and users are advised to apply available updates.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203