Vulnerabilities > CVE-2006-2120 - Unspecified vulnerability in Libtiff 3.8.1
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN libtiff
nessus
Summary
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2006-082.NASL description Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21357 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21357 title Mandrake Linux Security Advisory : libtiff (MDKSA-2006:082) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1078.NASL description Andrey Kiselev discovered a problem in the TIFF library that may allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values to crash the library and hence the surrounding application. last seen 2020-06-01 modified 2020-06-02 plugin id 22620 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22620 title Debian DSA-1078-1 : tiff - out-of-bounds read NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-277-1.NASL description Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking an user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application last seen 2020-06-01 modified 2020-06-02 plugin id 21371 published 2006-05-13 reporter Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21371 title Ubuntu 5.04 / 5.10 : tiff vulnerabilities (USN-277-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2006-0425.NASL description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21365 published 2006-05-13 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21365 title RHEL 2.1 / 3 / 4 : libtiff (RHSA-2006:0425) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2006-0425.NASL description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 21900 published 2006-07-03 reporter This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/21900 title CentOS 3 / 4 : libtiff (CESA-2006:0425)
Oval
| accepted | 2013-04-29T04:20:22.110-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:9572 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- http://bugzilla.remotesensing.org/show_bug.cgi?id=1065
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974
- http://www.securityfocus.com/bid/17809
- http://secunia.com/advisories/19936
- http://secunia.com/advisories/19949
- http://www.trustix.org/errata/2006/0024
- http://secunia.com/advisories/19964
- http://www.redhat.com/support/errata/RHSA-2006-0425.html
- http://secunia.com/advisories/20023
- http://www.debian.org/security/2006/dsa-1078
- http://secunia.com/advisories/20330
- http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
- ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
- http://secunia.com/advisories/20210
- http://secunia.com/advisories/20667
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9572
- https://usn.ubuntu.com/277-1/