Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-2024

Disclosure Date: April 25, 2006
CVE-2006-2024
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain “codec cleanup methods” in (b) tif_lzw.c, © tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • libtiff

Products

  • libtiff,
  • libtiff 3.4,
  • libtiff 3.5.1,
  • libtiff 3.5.2,
  • libtiff 3.5.3,
  • libtiff 3.5.4,
  • libtiff 3.5.5,
  • libtiff 3.5.6,
  • libtiff 3.5.7,
  • libtiff 3.6.0,
  • libtiff 3.6.1,
  • libtiff 3.7.0,
  • libtiff 3.7.1

References

Canonical
CVE-2006-2024 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024)
BID-17730 (http://www.securityfocus.com/bid/17730)
Advisory
XF-libtiff-tifffetchanyarray-dos(26133) (https://exchange.xforce.ibmcloud.com/vulnerabilities/26133)
SECUNIA-19851 (http://secunia.com/advisories/19851)
ADV-2006-1563 (http://www.vupen.com/english/advisories/2006/1563)
SECUNIA-20210 (http://secunia.com/advisories/20210)
SECUNIA-19949 (http://secunia.com/advisories/19949)
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
SUNALERT-103099 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1)
USN-277-1 (https://usn.ubuntu.com/277-1)
GLSA-200605-17 (http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml)
SECUNIA-20667 (http://secunia.com/advisories/20667)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893
SECUNIA-19936 (http://secunia.com/advisories/19936)
SECUNIA-19964 (http://secunia.com/advisories/19964)
SUNALERT-201332 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1)
SECUNIA-20345 (http://secunia.com/advisories/20345)
DSA-1054 (http://www.debian.org/security/2006/dsa-1054)
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
http://www.redhat.com/support/errata/RHSA-2006-0425.html
SECUNIA-19838 (http://secunia.com/advisories/19838)
SECUNIA-20021 (http://secunia.com/advisories/20021)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
SECUNIA-19897 (http://secunia.com/advisories/19897)
SECUNIA-20023 (http://secunia.com/advisories/20023)
http://www.novell.com/linux/security/advisories/2006_04_28.html
Miscellaneous
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
2006-0024 (http://www.trustix.org/errata/2006/0024)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis