fkie_cve-2006-2024
Vulnerability from fkie_nvd
Published
2006-04-25 23:02
Modified
2024-11-21 00:10
Severity ?
Summary
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
cve@mitre.orghttp://bugzilla.remotesensing.org/show_bug.cgi?id=1102Exploit
cve@mitre.orghttp://secunia.com/advisories/19838
cve@mitre.orghttp://secunia.com/advisories/19851
cve@mitre.orghttp://secunia.com/advisories/19897
cve@mitre.orghttp://secunia.com/advisories/19936
cve@mitre.orghttp://secunia.com/advisories/19949
cve@mitre.orghttp://secunia.com/advisories/19964
cve@mitre.orghttp://secunia.com/advisories/20021
cve@mitre.orghttp://secunia.com/advisories/20023
cve@mitre.orghttp://secunia.com/advisories/20210
cve@mitre.orghttp://secunia.com/advisories/20345
cve@mitre.orghttp://secunia.com/advisories/20667
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
cve@mitre.orghttp://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
cve@mitre.orghttp://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1054
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:082
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2006_04_28.html
cve@mitre.orghttp://www.redhat.com/support/errata/RHSA-2006-0425.html
cve@mitre.orghttp://www.securityfocus.com/bid/17730
cve@mitre.orghttp://www.trustix.org/errata/2006/0024
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/1563
cve@mitre.orghttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/26133
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893
cve@mitre.orghttps://usn.ubuntu.com/277-1/
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
af854a3a-2127-422b-91ae-364da2661108http://bugzilla.remotesensing.org/show_bug.cgi?id=1102Exploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19838
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19851
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19897
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19936
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19949
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/19964
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20021
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20023
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20210
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20345
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20667
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
af854a3a-2127-422b-91ae-364da2661108http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
af854a3a-2127-422b-91ae-364da2661108http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1054
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2006_04_28.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2006-0425.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/17730
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2006/0024
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/1563
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/26133
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/277-1/
Impacted products
Vendor Product Version
libtiff libtiff *
libtiff libtiff 3.4
libtiff libtiff 3.5.1
libtiff libtiff 3.5.2
libtiff libtiff 3.5.3
libtiff libtiff 3.5.4
libtiff libtiff 3.5.5
libtiff libtiff 3.5.6
libtiff libtiff 3.5.7
libtiff libtiff 3.6.0
libtiff libtiff 3.6.1
libtiff libtiff 3.7.0
libtiff libtiff 3.7.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D44E5F5-3351-47E6-81D5-859DA1A90E1B",
              "versionEndIncluding": "3.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCA5EEB8-9D2C-49A9-BB08-CE5017B79D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "261FAE51-5207-4136-9FFE-2330A281266C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B32C83B9-F7DA-450A-A687-9A73734CD712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9485283A-B73E-4567-914A-42A86F5FFCB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "95892168-0FB6-4E3F-9303-2F9B3CF60D2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5021564-5E0A-4DDC-BC68-200B6050043E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "11C50750-FE1D-42BA-9125-7D8E872AA2DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "19AA66E5-FDDD-4243-B945-DFEBDD25F258",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62F359CD-5DC4-4919-B8E1-95BDDBD27EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2C8C550-3313-4266-B4B3-E9E9047CFE04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABEEBA7B-81D5-4148-912B-9AD448BBE741",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "448555FE-8E91-4EA7-BA05-6915F5508319",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain \"codec cleanup methods\" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nlibTIFF, libTIFF, 3.8.1",
  "id": "CVE-2006-2024",
  "lastModified": "2024-11-21T00:10:22.630",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-04-25T23:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19838"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19851"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19936"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19949"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/19964"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20023"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20210"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20345"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/20667"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1054"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17730"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2006/0024"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/1563"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://usn.ubuntu.com/277-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19851"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/19964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20345"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/20667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1054"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17730"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2006/0024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://usn.ubuntu.com/277-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.