CVE-2006-2025

Severity

65%

Complexity

80%

Confidentiality

106%

This vulnerability is addressed in the following product release: libTIFF, libTIFF, 3.8.1

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

This vulnerability is addressed in the following product release: libTIFF, libTIFF, 3.8.1

CVSS 2.0 Base Score 6.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-04-25 23:02:00

Last updated 6 years ago

2018-10-03 21:40:00

Affected Software

LibTIFF 3.4

3.4

LibTIFF 3.5.1

3.5.1

LibTIFF 3.5.2

3.5.2

LibTIFF 3.5.3

3.5.3

LibTIFF 3.5.4

3.5.4

LibTIFF 3.5.5

3.5.5

LibTIFF 3.5.6

3.5.6

LibTIFF 3.5.7

3.5.7

LibTIFF 3.6.0

3.6.0

LibTIFF 3.6.1

3.6.1

LibTIFF 3.7.0

3.7.0

LibTIFF 3.7.1

3.7.1

LibTIFF

References

20060501-01-U

http://bugzilla.remotesensing.org/show_bug.cgi?id=1102

Exploit, Patch

19838

19897

19936

19949

19964

20021

20023

20210

20345

20667

103099

201332

http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm

DSA-1054

GLSA-200605-17

MDKSA-2006:082

SUSE-SR:2006:009

RHSA-2006:0425

17732

2006-0024

ADV-2006-1563

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933

Exploit, Patch

libtiff-tifffetchdata-overflow(26134)

oval:org.mitre.oval:def:10593

USN-277-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.