CVSS2: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.117 Low (Percentile: 95.3%)
CentOS Errata and Security Advisory CESA-2006:0425
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.

An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)

A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)

Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)

All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-May/075052.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075053.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075056.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075057.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075059.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075060.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075061.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075062.html
https://lists.centos.org/pipermail/centos-announce/2006-May/075063.html
Affected packages:
libtiff
libtiff-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0425
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
CentOS | 3 | i386 | libtiff | < 3.5.7-25.el3.1 | libtiff-3.5.7-25.el3.1.i386.rpm |
CentOS | 3 | i386 | libtiff-devel | < 3.5.7-25.el3.1 | libtiff-devel-3.5.7-25.el3.1.i386.rpm |
CentOS | 3 | x86_64 | libtiff | < 3.5.7-25.el3.1 | libtiff-3.5.7-25.el3.1.x86_64.rpm |
CentOS | 3 | x86_64 | libtiff-devel | < 3.5.7-25.el3.1 | libtiff-devel-3.5.7-25.el3.1.x86_64.rpm |
CentOS | 4 | i386 | libtiff | < 3.6.1-10 | libtiff-3.6.1-10.i386.rpm |
CentOS | 4 | x86_64 | libtiff | < 3.6.1-10 | libtiff-3.6.1-10.x86_64.rpm |
CentOS | 4 | x86_64 | libtiff-devel | < 3.6.1-10 | libtiff-devel-3.6.1-10.x86_64.rpm |
CentOS | 4 | i386 | libtiff-devel | < 3.6.1-10 | libtiff-devel-3.6.1-10.i386.rpm |