CVE-2006-2024 - Vulnerability Details

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Libtiff	Libtiff
Redhat	Enterprise Linux

Configuration 1 [-]

OR	cpe:2.3:a:libtiff:libtiff::::::::
	cpe:2.3:a:libtiff:libtiff:3.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.2:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.3:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.4:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.5:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.6:::::::*
	cpe:2.3:a:libtiff:libtiff:3.5.7:::::::*
	cpe:2.3:a:libtiff:libtiff:3.6.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.6.1:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.0:::::::*
	cpe:2.3:a:libtiff:libtiff:3.7.1:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
libtiff-0:3.5.7-25.el3.1	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0425	2006-05-09T00:00:00Z
kdegraphics-7:3.1.3-3.10	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0648	2006-08-28T00:00:00Z
Red Hat Enterprise Linux 4
libtiff-0:3.6.1-10	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0425	2006-05-09T00:00:00Z

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
http://secunia.com/advisories/19838
http://secunia.com/advisories/19851
http://secunia.com/advisories/19897
http://secunia.com/advisories/19936
http://secunia.com/advisories/19949
http://secunia.com/advisories/19964
http://secunia.com/advisories/20021
http://secunia.com/advisories/20023
http://secunia.com/advisories/20210
http://secunia.com/advisories/20345
http://secunia.com/advisories/20667
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
http://www.debian.org/security/2006/dsa-1054
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.redhat.com/support/errata/RHSA-2006-0425.html
http://www.securityfocus.com/bid/17730
http://www.trustix.org/errata/2006/0024
http://www.vupen.com/english/advisories/2006/1563
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
https://exchange.xforce.ibmcloud.com/vulnerabilities/26133
https://nvd.nist.gov/vuln/detail/CVE-2006-2024
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893
https://usn.ubuntu.com/277-1/
https://www.cve.org/CVERecord?id=CVE-2006-2024

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-04-25T23:00:00

Updated: 2024-08-07T17:35:31.058Z

Reserved: 2006-04-25T00:00:00

Link: CVE-2006-2024

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-04-25T23:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-2024

Redhat

Severity : Important

Publid Date: 2006-03-03T00:00:00Z

Links: CVE-2006-2024 - Bugzilla

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object