Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2024

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-2024
Last Modified 07 Mar 2011 09:34:49
Published 25 Apr 2006 07:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-2024

Summary

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

Vulnerable Systems

Application

  • Libtiff 3.4

  • Libtiff 3.5.1

  • Libtiff 3.5.2

  • Libtiff 3.5.3

  • Libtiff 3.5.4

  • Libtiff 3.5.5

  • Libtiff 3.5.6

  • Libtiff 3.5.7

  • Libtiff 3.6.0

  • Libtiff 3.6.1

  • Libtiff 3.7.0

  • Libtiff 3.7.1

  • Libtiff 3.8.0


References

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933

VUPEN - ADV-2006-1563

MISC - http://bugzilla.remotesensing.org/show_bug.cgi?id=1102

XF - libtiff-tifffetchanyarray-dos(26133)

UBUNTU - USN-277-1

TRUSTIX - 2006-0024

BID - 17730

REDHAT - RHSA-2006:0425

SUSE - SUSE-SR:2006:009

MANDRIVA - MDKSA-2006:082

GENTOO - GLSA-200605-17

DEBIAN - DSA-1054

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm

SUNALERT - 201332

SUNALERT - 103099

SECUNIA - 20667

SECUNIA - 20345

SECUNIA - 20210

SECUNIA - 20023

SECUNIA - 20021

SECUNIA - 19964

SECUNIA - 19949

SECUNIA - 19936

SECUNIA - 19897

SECUNIA - 19851

SECUNIA - 19838

SGI - 20060501-01-U


Last Updated: 27 May 2016 10:42:18