Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2120

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2006-2120
Last Modified 21 Aug 2010 12:46:15
Published 01 May 2006 06:06:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-2120

Summary

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

Vulnerable Systems

Application

  • Libtiff 3.8.1


References

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974

CONFIRM - http://bugzilla.remotesensing.org/show_bug.cgi?id=1065

UBUNTU - USN-277-1

TRUSTIX - 2006-0024

BID - 17809

REDHAT - RHSA-2006:0425

MANDRIVA - MDKSA-2006:082

DEBIAN - DSA-1078

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm

SECUNIA - 20667

SECUNIA - 20330

SECUNIA - 20210

SECUNIA - 20023

SECUNIA - 19964

SECUNIA - 19949

SECUNIA - 19936

SGI - 20060501-01-U


Last Updated: 27 May 2016 10:42:20