Vulnerability Name: CVE-2006-2024 (CCN-26133)
Assigned: 2006-03-03
Published: 2006-03-03
Updated: 2018-10-03
Summary: Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; and (3) improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
CVSS v3 Severity: 2.8 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P)
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References:
Source: SGI Type: UNKNOWN 20060501-01-U
Source: MISC Type: Exploit http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
Source: MITRE Type: CNA CVE-2006-2024
Source: CCN Type: RHSA-2006-0425 libtiff security update
Source: CCN Type: RHSA-2006-0648 kdegraphics security update
Source: CCN Type: SA19838 LibTIFF Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 19838
Source: SECUNIA Type: UNKNOWN 19851
Source: SECUNIA Type: UNKNOWN 19897
Source: SECUNIA Type: UNKNOWN 19936
Source: SECUNIA Type: UNKNOWN 19949
Source: SECUNIA Type: UNKNOWN 19964
Source: SECUNIA Type: UNKNOWN 20021
Source: SECUNIA Type: UNKNOWN 20023
Source: SECUNIA Type: UNKNOWN 20210
Source: SECUNIA Type: UNKNOWN 20345
Source: CCN Type: SA20667 Avaya Products LibTIFF Multiple Vulnerabilities
Source: SECUNIA Type: UNKNOWN 20667
Source: SUNALERT Type: UNKNOWN 103099
Source: SUNALERT Type: UNKNOWN 201332
Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
Source: CCN Type: ASA-2006-119 libtiff security update (RHSA-2006-0425)
Source: DEBIAN Type: UNKNOWN DSA-1054
Source: DEBIAN Type: DSA-1054 tiff -- several vulnerabilities
Source: CCN Type: GLSA-200605-17 libTIFF: Multiple vulnerabilities
Source: GENTOO Type: UNKNOWN GLSA-200605-17
Source: MANDRIVA Type: UNKNOWN MDKSA-2006:082
Source: SUSE Type: UNKNOWN SUSE-SR:2006:009
Source: REDHAT Type: UNKNOWN RHSA-2006:0425
Source: CCN Type: LibTIFF Web page Changes in TIFF v3.8.1
Source: BID Type: UNKNOWN 17730
Source: CCN Type: BID-17730 LibTiff Multiple Denial of Service Vulnerabilities
Source: TRUSTIX Type: UNKNOWN 2006-0024
Source: CCN Type: USN-277-1 TIFF library vulnerabilities
Source: VUPEN Type: UNKNOWN ADV-2006-1563
Source: CCN Type: Red Hat Bugzilla Bug 189933 CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)
Source: CONFIRM Type: Patch https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
Source: XF Type: UNKNOWN libtiff-tifffetchanyarray-dos(26133)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9893
Source: UBUNTU Type: UNKNOWN USN-277-1
Source: SUSE Type: SUSE-SR:2006:009 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: