4

CVE-2006-2024

Exploit
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version <= 3.8.0
LibtiffLibtiff Version3.4
LibtiffLibtiff Version3.5.1
LibtiffLibtiff Version3.5.2
LibtiffLibtiff Version3.5.3
LibtiffLibtiff Version3.5.4
LibtiffLibtiff Version3.5.5
LibtiffLibtiff Version3.5.6
LibtiffLibtiff Version3.5.7
LibtiffLibtiff Version3.6.0
LibtiffLibtiff Version3.6.1
LibtiffLibtiff Version3.7.0
LibtiffLibtiff Version3.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.65% 0.944
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://secunia.com/advisories/20210
http://secunia.com/advisories/19897
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://secunia.com/advisories/20345
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
http://secunia.com/advisories/19964
http://www.trustix.org/errata/2006/0024
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
Exploit
http://secunia.com/advisories/19838
http://secunia.com/advisories/19851
http://secunia.com/advisories/19936
http://secunia.com/advisories/19949
http://secunia.com/advisories/20021
http://secunia.com/advisories/20023
http://secunia.com/advisories/20667
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
http://www.debian.org/security/2006/dsa-1054
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
http://www.redhat.com/support/errata/RHSA-2006-0425.html
http://www.securityfocus.com/bid/17730
http://www.vupen.com/english/advisories/2006/1563
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/26133
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893
https://usn.ubuntu.com/277-1/