Vulnerability Name:

CVE-2006-2026 (CCN-26135)

Assigned:2006-03-03
Published:2006-03-03
Updated:2018-10-03
Summary:Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20060501-01-U

Source: MISC
Type: Exploit, Patch
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102

Source: MITRE
Type: CNA
CVE-2006-2026

Source: CCN
Type: RHSA-2006-0425
libtiff security update

Source: CCN
Type: RHSA-2006-0648
kdegraphics security update

Source: CCN
Type: SA19838
LibTIFF Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
19838

Source: SECUNIA
Type: Vendor Advisory
19897

Source: SECUNIA
Type: Vendor Advisory
19936

Source: SECUNIA
Type: Vendor Advisory
19949

Source: SECUNIA
Type: Vendor Advisory
19964

Source: SECUNIA
Type: Vendor Advisory
20021

Source: SECUNIA
Type: Vendor Advisory
20023

Source: SECUNIA
Type: Vendor Advisory
20210

Source: SECUNIA
Type: Vendor Advisory
20345

Source: CCN
Type: SA20667
Avaya Products LibTIFF Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
20667

Source: SUNALERT
Type: UNKNOWN
103099

Source: SUNALERT
Type: UNKNOWN
201332

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm

Source: CCN
Type: ASA-2006-119
libtiff security update (RHSA-2006-0425)

Source: DEBIAN
Type: UNKNOWN
DSA-1054

Source: DEBIAN
Type: DSA-1054
tiff -- several vulnerabilities

Source: CCN
Type: GLSA-200605-17
libTIFF: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200605-17

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:082

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:009

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0425

Source: CCN
Type: LibTIFF Web page
Changes in TIFF v3.8.1

Source: BID
Type: UNKNOWN
17733

Source: CCN
Type: BID-17733
LibTiff Double Free Memory Corruption Vulnerability

Source: TRUSTIX
Type: UNKNOWN
2006-0024

Source: CCN
Type: USN-277-1
TIFF library vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-1563

Source: CCN
Type: Red Hat Bugzilla Bug 189933
CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)

Source: CONFIRM
Type: Exploit, Patch
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933

Source: XF
Type: UNKNOWN
libtiff-tifjpeg-doublefree-memory-corruption(26135)

Source: XF
Type: UNKNOWN
libtiff-tifjpeg-doublefree-memory-corruption(26135)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11389

Source: UBUNTU
Type: UNKNOWN
USN-277-1

Source: SUSE
Type: SUSE-SR:2006:009
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:*:*:*:*:*:*:*:* (Version <= 3.8.0)

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20062026
    V
    		CVE-2006-2026
    2015-11-16
    oval:org.mitre.oval:def:11389
    V
    		Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
    2013-04-29
    oval:com.redhat.rhsa:def:20060648
    P
    		RHSA-2006:0648: kdegraphics security update (Moderate)
    2008-03-20
    oval:com.redhat.rhsa:def:20060425
    P
    		RHSA-2006:0425: libtiff security update (Important)
    2006-05-09
    oval:org.debian:def:1054
    V
    		several vulnerabilities
    2006-05-09
    BACK
    libtiff libtiff 3.4
    libtiff libtiff 3.5.1
    libtiff libtiff 3.5.2
    libtiff libtiff 3.5.3
    libtiff libtiff 3.5.4
    libtiff libtiff 3.5.5
    libtiff libtiff 3.5.6
    libtiff libtiff 3.5.7
    libtiff libtiff 3.6.0
    libtiff libtiff 3.6.1
    libtiff libtiff 3.7.0
    libtiff libtiff 3.7.1
    libtiff libtiff *