Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2026

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2006-2026
Last Modified 18 Jul 2013 09:46:26
Published 25 Apr 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2006-2026

Summary

Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."

Vulnerable Systems

Application

  • Libtiff 3.4

  • Libtiff 3.5.1

  • Libtiff 3.5.2

  • Libtiff 3.5.3

  • Libtiff 3.5.4

  • Libtiff 3.5.5

  • Libtiff 3.5.6

  • Libtiff 3.5.7

  • Libtiff 3.6.0

  • Libtiff 3.6.1

  • Libtiff 3.7.0

  • Libtiff 3.7.1

  • Libtiff 3.8.0


References

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933

MISC - http://bugzilla.remotesensing.org/show_bug.cgi?id=1102

XF - libtiff-tifjpeg-doublefree-memory-corruption(26135)

VUPEN - ADV-2006-1563

UBUNTU - USN-277-1

TRUSTIX - 2006-0024

BID - 17733

REDHAT - RHSA-2006:0425

SUSE - SUSE-SR:2006:009

MANDRIVA - MDKSA-2006:082

GENTOO - GLSA-200605-17

DEBIAN - DSA-1054

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm

SECUNIA - 20667

SECUNIA - 20345

SECUNIA - 20210

SECUNIA - 20023

SECUNIA - 20021

SECUNIA - 19964

SECUNIA - 19949

SECUNIA - 19936

SECUNIA - 19897

SECUNIA - 19838

SGI - 20060501-01-U

SUNALERT - 201332

SUNALERT - 103099


Last Updated: 27 May 2016 10:42:18