6.5

CVE-2006-2025

Exploit
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version <= 3.8.0
LibtiffLibtiff Version3.4
LibtiffLibtiff Version3.5.1
LibtiffLibtiff Version3.5.2
LibtiffLibtiff Version3.5.3
LibtiffLibtiff Version3.5.4
LibtiffLibtiff Version3.5.5
LibtiffLibtiff Version3.5.6
LibtiffLibtiff Version3.5.7
LibtiffLibtiff Version3.6.0
LibtiffLibtiff Version3.6.1
LibtiffLibtiff Version3.7.0
LibtiffLibtiff Version3.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.52% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://secunia.com/advisories/20210
http://secunia.com/advisories/19897
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://secunia.com/advisories/20345
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
http://secunia.com/advisories/19964
http://www.trustix.org/errata/2006/0024
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
Patch
Exploit
http://secunia.com/advisories/19838
http://secunia.com/advisories/19936
http://secunia.com/advisories/19949
http://secunia.com/advisories/20021
http://secunia.com/advisories/20023
http://secunia.com/advisories/20667
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
http://www.debian.org/security/2006/dsa-1054
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
http://www.redhat.com/support/errata/RHSA-2006-0425.html
http://www.vupen.com/english/advisories/2006/1563
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
Patch
Exploit
https://usn.ubuntu.com/277-1/
http://www.securityfocus.com/bid/17732
https://exchange.xforce.ibmcloud.com/vulnerabilities/26134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593