CVE-2006-2120 - Denial of Service vulnerability in Libtiff 3.8.1

CVSS 2.1 - LOW
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL

Summary

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

Vulnerable Configurations

Part        | Description | Count
Application | Libtiff     | 1

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2006-082.NASL
    description: Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21357
    published: 2006-05-13
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21357
    title: Mandrake Linux Security Advisory : libtiff (MDKSA-2006:082)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1078.NASL
    description: Andrey Kiselev discovered a problem in the TIFF library that may allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values to crash the library and hence the surrounding application.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22620
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22620
    title: Debian DSA-1078-1 : tiff - out-of-bounds read
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-277-1.NASL
    description: Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking a user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21371
    published: 2006-05-13
    reporter: Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/21371
    title: Ubuntu 5.04 / 5.10 : tiff vulnerabilities (USN-277-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2006-0425.NASL
    description: Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21365
    published: 2006-05-13
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21365
    title: RHEL 2.1 / 3 / 4 : libtiff (RHSA-2006:0425)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2006-0425.NASL
    description: Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21900
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21900
    title: CentOS 3 / 4 : libtiff (CESA-2006:0425)

Oval

accepted: 2013-04-29T04:20:22.110-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
    oval: oval:org.mitre.oval:def:11782
  • comment: CentOS Linux 3.x
    oval: oval:org.mitre.oval:def:16651
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
    oval: oval:org.mitre.oval:def:11831
  • comment: CentOS Linux 4.x
    oval: oval:org.mitre.oval:def:16636
  • comment: Oracle Linux 4.x
    oval: oval:org.mitre.oval:def:15990
description: The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
family: unix
id: oval:org.mitre.oval:def:9572
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
version: 26

Redhat

advisories
bugzilla
id: 189974
title: CVE-2006-2120 libtiff DoS
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 4 is installed
      oval: oval:com.redhat.rhba:tst:20070304025
    • OR
      • AND
        • comment: libtiff is earlier than 0:3.6.1-10
          oval: oval:com.redhat.rhsa:tst:20060425001
        • comment: libtiff is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060425002
      • AND
        • comment: libtiff-devel is earlier than 0:3.6.1-10
          oval: oval:com.redhat.rhsa:tst:20060425003
        • comment: libtiff-devel is signed with Red Hat master key
          oval: oval:com.redhat.rhsa:tst:20060425004
rhsa
id: RHSA-2006:0425
released: 2006-05-09
severity: Important
title: RHSA-2006:0425: libtiff security update (Important)
rpms
  • libtiff-0:3.5.7-25.el3.1
  • libtiff-0:3.6.1-10
  • libtiff-debuginfo-0:3.5.7-25.el3.1
  • libtiff-debuginfo-0:3.6.1-10
  • libtiff-devel-0:3.5.7-25.el3.1
  • libtiff-devel-0:3.6.1-10