ID CVE-2006-2120
Summary The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
References
Vulnerable Configurations
  • LibTIFF 3.8.1
    cpe:2.3:a:libtiff:libtiff:3.8.1
CVSS
Base: 2.1 (as of 02-05-2006 - 11:22)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0425.NASL
    description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21900
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21900
    title CentOS 3 / 4 : libtiff (CESA-2006:0425)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0425.NASL
    description Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) image format files. An integer overflow flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2025) A double free flaw was discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash or possibly execute arbitrary code. (CVE-2006-2026) Several denial of service flaws were discovered in libtiff. An attacker could create a carefully crafted TIFF file in such a way that it could cause an application linked with libtiff to crash. (CVE-2006-2024, CVE-2006-2120) All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 21365
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21365
    title RHEL 2.1 / 3 / 4 : libtiff (RHSA-2006:0425)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-082.NASL
    description Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 21357
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21357
    title Mandrake Linux Security Advisory : libtiff (MDKSA-2006:082)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1078.NASL
    description Andrey Kiselev discovered a problem in the TIFF library that may allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values to crash the library and hence the surrounding application.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 22620
    published 2006-10-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=22620
    title Debian DSA-1078-1 : tiff - out-of-bounds read
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-277-1.NASL
    description Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking an user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-15
    plugin id 21371
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21371
    title Ubuntu 5.04 / 5.10 : tiff vulnerabilities (USN-277-1)
oval via4
accepted 2013-04-29T04:20:22.110-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
family unix
id oval:org.mitre.oval:def:9572
status accepted
submitted 2010-07-09T03:56:16-04:00
title The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
version 23
redhat via4
advisories
bugzilla
id 189974
title CVE-2006-2120 libtiff DoS
oval
OR
  • AND
    comment Red Hat Enterprise Linux 3 is installed
    oval oval:com.redhat.rhsa:tst:20060015001
  • AND
    comment Red Hat Enterprise Linux 4 is installed
    oval oval:com.redhat.rhsa:tst:20060016001
rhsa
id RHSA-2006:0425
released 2006-05-09
severity Important
title RHSA-2006:0425: libtiff security update (Important)
refmap via4
bid 17809
confirm
debian DSA-1078
mandriva MDKSA-2006:082
secunia
  • 19936
  • 19949
  • 19964
  • 20023
  • 20210
  • 20330
  • 20667
sgi 20060501-01-U
trustix 2006-0024
ubuntu USN-277-1
Last major update 21-08-2010 - 00:46
Published 01-05-2006 - 18:06
Last modified 03-10-2018 - 17:40
Back to Top