Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-224
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités dans la bibliothèque de fonctions libTIFF permettent à un utilisateur distant mal intentionné de provoquer un déni de service ou d'exécuter du code arbitraire.
Description
La bibliothèque de fonctions libTIFF est utilisée pour l'affichage ou la
manipulation d'images au format TIFF dans diverses applications comme
l'éditeur d'images The GIMP.
Trois vulnérabilités sont présentes dans la libTIFF :
- Une erreur non spécifiée dans la fonction TIFFFetchAnyArray() permet de provoquer un déni de service de l'application utilisant cette fonction ;
- une erreur dans la fonction TIFFFectchData() permet de provoquer un déni de service de l'application utilisant cette fonction ou d'exécuter du code arbitraire à distance ;
- une erreur dans le fichier tif_jpeg.c permet à un utilisateur distant mal intentionné de provoquer un déni de service de l'application utilisant une fonction vulnérable de ce fichier ou d'exécuter du code arbitraire.
Toutes ces vulnérabilités sont exploitables par le biais d'une image particulière au format TIFF.
Solution
La version 3.8.1 corrige ces problèmes :
http://www.remotesensing.org/libtiff/
libTIFF versions 3.8.0 et antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003elibTIFF versions 3.8.0 et ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nLa biblioth\u00e8que de fonctions libTIFF est utilis\u00e9e pour l\u0027affichage ou la\nmanipulation d\u0027images au format TIFF dans diverses applications comme\nl\u0027\u00e9diteur d\u0027images The GIMP. \nTrois vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans la libTIFF :\n\n- Une erreur non sp\u00e9cifi\u00e9e dans la fonction TIFFFetchAnyArray() permet\n de provoquer un d\u00e9ni de service de l\u0027application utilisant cette\n fonction ;\n- une erreur dans la fonction TIFFFectchData() permet de provoquer un\n d\u00e9ni de service de l\u0027application utilisant cette fonction ou\n d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance ;\n- une erreur dans le fichier tif_jpeg.c permet \u00e0 un utilisateur\n distant mal intentionn\u00e9 de provoquer un d\u00e9ni de service de\n l\u0027application utilisant une fonction vuln\u00e9rable de ce fichier ou\n d\u0027ex\u00e9cuter du code arbitraire.\n\nToutes ces vuln\u00e9rabilit\u00e9s sont exploitables par le biais d\u0027une image\nparticuli\u00e8re au format TIFF.\n\n## Solution\n\nLa version 3.8.1 corrige ces probl\u00e8mes :\n\n http://www.remotesensing.org/libtiff/\n",
"cves": [
{
"name": "CVE-2006-2024",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2024"
},
{
"name": "CVE-2006-0405",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-0405"
},
{
"name": "CVE-2006-2026",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2026"
},
{
"name": "CVE-2006-2025",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2025"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1054 du 27 mai 2006 :",
"url": "http://www.debian.org/security/dsa-1054"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200605-17 du 31 mai 2006 :",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 1078 du 27 mai 2006 :",
"url": "http://www.debian.org/security/dsa-1078"
},
{
"title": "Liste des changements apport\u00e9s \u00e0 la version 3.8.1 de libTIFF :",
"url": "http://www.remotesensing.org/libtiff/3.8.1.html"
}
],
"reference": "CERTA-2006-AVI-224",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-06-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans la biblioth\u00e8que de fonctions libTIFF\npermettent \u00e0 un utilisateur distant mal intentionn\u00e9 de provoquer un d\u00e9ni\nde service ou d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Multiples Vuln\u00e9rabilit\u00e9s dans libTIFF",
"vendor_advisories": [
{
"published_at": null,
"title": "Liste des changements apport\u00e9s dans la version 3.8.1 de libTIFF",
"url": null
}
]
}
CVE-2006-2025 (GCVE-0-2006-2025)
Vulnerability from cvelistv5 – Published: 2006-04-25 23:00 – Updated: 2024-08-07 17:35
VLAI?
EPSS
Summary
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.264Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19949"
},
{
"name": "libtiff-tifffetchdata-overflow(26134)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26134"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20667"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "19936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17732",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17732"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "RHSA-2006:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19838"
},
{
"name": "oval:org.mitre.oval:def:10593",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593"
},
{
"name": "20021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19949"
},
{
"name": "libtiff-tifffetchdata-overflow(26134)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26134"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20667"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "19936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17732",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17732"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "RHSA-2006:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19838"
},
{
"name": "oval:org.mitre.oval:def:10593",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593"
},
{
"name": "20021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19949"
},
{
"name": "libtiff-tifffetchdata-overflow(26134)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26134"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20667"
},
{
"name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102",
"refsource": "MISC",
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "19936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "17732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17732"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "RHSA-2006:0425",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19838"
},
{
"name": "oval:org.mitre.oval:def:10593",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593"
},
{
"name": "20021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2025",
"datePublished": "2006-04-25T23:00:00",
"dateReserved": "2006-04-25T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.264Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2024 (GCVE-0-2006-2024)
Vulnerability from cvelistv5 – Published: 2006-04-25 23:00 – Updated: 2024-08-07 17:35
VLAI?
EPSS
Summary
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "libtiff-tifffetchanyarray-dos(26133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
},
{
"name": "19851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19851"
},
{
"name": "ADV-2006-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20667"
},
{
"name": "oval:org.mitre.oval:def:9893",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "19936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "RHSA-2006:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19838"
},
{
"name": "20021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"name": "17730",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17730"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain \"codec cleanup methods\" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "libtiff-tifffetchanyarray-dos(26133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
},
{
"name": "19851",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19851"
},
{
"name": "ADV-2006-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20667"
},
{
"name": "oval:org.mitre.oval:def:9893",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "19936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "RHSA-2006:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19838"
},
{
"name": "20021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"name": "17730",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17730"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain \"codec cleanup methods\" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "libtiff-tifffetchanyarray-dos(26133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26133"
},
{
"name": "19851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19851"
},
{
"name": "ADV-2006-1563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19949"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20667"
},
{
"name": "oval:org.mitre.oval:def:9893",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893"
},
{
"name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102",
"refsource": "MISC",
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "19936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "RHSA-2006:0425",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19838"
},
{
"name": "20021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"name": "17730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17730"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2024",
"datePublished": "2006-04-25T23:00:00",
"dateReserved": "2006-04-25T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0405 (GCVE-0-2006-0405)
Vulnerability from cvelistv5 – Published: 2006-01-25 02:00 – Updated: 2024-08-07 16:34
VLAI?
EPSS
Summary
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:34:14.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-0302",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0302"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029"
},
{
"name": "18172",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18172"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "libtiff-tiffvsetfield-dos(24275)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24275"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034"
},
{
"name": "18587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18587"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-0302",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0302"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029"
},
{
"name": "18172",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18172"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "libtiff-tiffvsetfield-dos(24275)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24275"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034"
},
{
"name": "18587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18587"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0302",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0302"
},
{
"name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029",
"refsource": "MISC",
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1029"
},
{
"name": "18172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18172"
},
{
"name": "GLSA-200605-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20345"
},
{
"name": "libtiff-tiffvsetfield-dos(24275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24275"
},
{
"name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034",
"refsource": "MISC",
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1034"
},
{
"name": "18587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18587"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0405",
"datePublished": "2006-01-25T02:00:00",
"dateReserved": "2006-01-25T00:00:00",
"dateUpdated": "2024-08-07T16:34:14.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2026 (GCVE-0-2006-2026)
Vulnerability from cvelistv5 – Published: 2006-04-25 23:00 – Updated: 2024-08-07 17:35
VLAI?
EPSS
Summary
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:31.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20667"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "libtiff-tifjpeg-doublefree-memory-corruption(26135)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26135"
},
{
"name": "19936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "oval:org.mitre.oval:def:11389",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389"
},
{
"name": "RHSA-2006:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19838"
},
{
"name": "20021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"name": "17733",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to \"setfield/getfield methods in cleanup functions.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-03T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-1563",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20667"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "libtiff-tifjpeg-doublefree-memory-corruption(26135)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26135"
},
{
"name": "19936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "oval:org.mitre.oval:def:11389",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389"
},
{
"name": "RHSA-2006:0425",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19838"
},
{
"name": "20021",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"name": "17733",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to \"setfield/getfield methods in cleanup functions.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-1563",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1563"
},
{
"name": "20210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20210"
},
{
"name": "19949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19949"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933"
},
{
"name": "103099",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1"
},
{
"name": "USN-277-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/277-1/"
},
{
"name": "GLSA-200605-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml"
},
{
"name": "20667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20667"
},
{
"name": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102",
"refsource": "MISC",
"url": "http://bugzilla.remotesensing.org/show_bug.cgi?id=1102"
},
{
"name": "libtiff-tifjpeg-doublefree-memory-corruption(26135)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26135"
},
{
"name": "19936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19936"
},
{
"name": "19964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19964"
},
{
"name": "201332",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1"
},
{
"name": "2006-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "20345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20345"
},
{
"name": "DSA-1054",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1054"
},
{
"name": "20060501-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm"
},
{
"name": "oval:org.mitre.oval:def:11389",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389"
},
{
"name": "RHSA-2006:0425",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0425.html"
},
{
"name": "19838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19838"
},
{
"name": "20021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20021"
},
{
"name": "MDKSA-2006:082",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:082"
},
{
"name": "19897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19897"
},
{
"name": "20023",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20023"
},
{
"name": "SUSE-SR:2006:009",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_28.html"
},
{
"name": "17733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2026",
"datePublished": "2006-04-25T23:00:00",
"dateReserved": "2006-04-25T00:00:00",
"dateUpdated": "2024-08-07T17:35:31.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…