6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.117 Low
EPSS
Percentile
94.7%
The libtiff package contains a library of functions for manipulating TIFF
(Tagged Image File Format) image format files.
An integer overflow flaw was discovered in libtiff. An attacker could
create a carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2025)
A double free flaw was discovered in libtiff. An attacker could create a
carefully crafted TIFF file in such a way that it could cause an
application linked with libtiff to crash or possibly execute arbitrary
code. (CVE-2006-2026)
Several denial of service flaws were discovered in libtiff. An attacker
could create a carefully crafted TIFF file in such a way that it could
cause an application linked with libtiff to crash. (CVE-2006-2024,
CVE-2006-2120)
All users are advised to upgrade to these updated packages, which contain
backported fixes for these issues.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 2 | i386 | libtiff | < 3.5.7-30.el2.1 | libtiff-3.5.7-30.el2.1.i386.rpm |
RedHat | any | s390 | libtiff | < 3.6.1-10 | libtiff-3.6.1-10.s390.rpm |
RedHat | 3 | s390 | libtiff | < 3.5.7-25.el3.1 | libtiff-3.5.7-25.el3.1.s390.rpm |
RedHat | 3 | i386 | libtiff | < 3.5.7-25.el3.1 | libtiff-3.5.7-25.el3.1.i386.rpm |
RedHat | any | ppc64 | libtiff | < 3.6.1-10 | libtiff-3.6.1-10.ppc64.rpm |
RedHat | 3 | s390x | libtiff | < 3.5.7-25.el3.1 | libtiff-3.5.7-25.el3.1.s390x.rpm |
RedHat | any | ia64 | libtiff | < 3.6.1-10 | libtiff-3.6.1-10.ia64.rpm |
RedHat | any | i386 | libtiff | < 3.6.1-10 | libtiff-3.6.1-10.i386.rpm |
RedHat | 2 | ia64 | libtiff | < 3.5.7-30.el2.1 | libtiff-3.5.7-30.el2.1.ia64.rpm |
RedHat | 3 | ia64 | libtiff | < 3.5.7-25.el3.1 | libtiff-3.5.7-25.el3.1.ia64.rpm |