CVE-2006-2120
CVSS 2.1
Published: 2006-05-01 18:06:00
Last revised: 2010-08-21 00:46:15

[Original] The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.


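[CNNVD] LibTiff TIFFToRGB Function Denial of Service Vulnerability (CNNVD-200605-011)

        The TIFFToRGB function in libtiff versions before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image. The image contains Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which can trigger an out-of-bounds read.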

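- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]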

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

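- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:9572  The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr...
* OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definitions.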

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2120
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2120
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-011
(Official data source) CNNVD

- Other Links and Resources

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974
(PATCH)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974
http://bugzilla.remotesensing.org/show_bug.cgi?id=1065
(PATCH)  CONFIRM  http://bugzilla.remotesensing.org/show_bug.cgi?id=1065
http://www.ubuntulinux.org/support/documentation/usn/usn-277-1
(UNKNOWN)  UBUNTU  USN-277-1
http://www.trustix.org/errata/2006/0024
(UNKNOWN)  TRUSTIX  2006-0024
http://www.securityfocus.com/bid/17809
(UNKNOWN)  BID  17809
http://www.redhat.com/support/errata/RHSA-2006-0425.html
(UNKNOWN)  REDHAT  RHSA-2006:0425
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
(UNKNOWN)  MANDRIVA  MDKSA-2006:082
http://www.debian.org/security/2006/dsa-1078
(UNKNOWN)  DEBIAN  DSA-1078
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
http://secunia.com/advisories/20667
(UNKNOWN)  SECUNIA  20667
http://secunia.com/advisories/20330
(UNKNOWN)  SECUNIA  20330
http://secunia.com/advisories/20210
(UNKNOWN)  SECUNIA  20210
http://secunia.com/advisories/20023
(UNKNOWN)  SECUNIA  20023
http://secunia.com/advisories/19964
(UNKNOWN)  SECUNIA  19964
http://secunia.com/advisories/19949
(UNKNOWN)  SECUNIA  19949
http://secunia.com/advisories/19936
(UNKNOWN)  SECUNIA  19936
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
(UNKNOWN)  SGI  20060501-01-U

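- Vulnerability Information

LibTiff TIFFToRGB Function Denial of Service Vulnerability
Low risk  Other
2006-05-01 00:00:00 2006-05-02 00:00:00
Remote
        The TIFFToRGB function in libtiff versions before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image. The image contains Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which can trigger an out-of-bounds read.

- Advisories and Patches

        No data available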

- Vulnerability Information (F46102)

Mandriva Linux Security Advisory 2006.082 (PacketStormID:F46102)
2006-05-06 00:00:00
Mandriva  mandriva.com
advisory,remote,denial of service
linux,mandriva
CVE-2006-2024,CVE-2006-2025,CVE-2006-2026,CVE-2006-2120

Mandriva Linux Security Advisory MDKSA-2006-082 - Several bugs were discovered in libtiff that can lead to remote Denial of Service attacks. These bugs can only be triggered by a user using an application that uses libtiff to process malformed TIFF images.

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:082
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : libtiff
 Date    : May 3, 2006
 Affected: 10.2, 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Several bugs were discovered in libtiff that can lead to remote Denial
 of Service attacks.  These bugs can only be triggered by a user using
 an application that uses libtiff to process malformed TIFF images.
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2120
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

    

- Vulnerability Information (F46096)

Ubuntu Security Notice 277-1 (PacketStormID:F46096)
2006-05-06 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary
linux,ubuntu
CVE-2006-2024,CVE-2006-2025,CVE-2006-2026,CVE-2006-2120

Ubuntu Security Notice 277-1 - Tavis Ormandy and Andrey Kiselev discovered that libtiff did not sufficiently verify the validity of TIFF files. By tricking a user into opening a specially crafted TIFF file with any application that uses libtiff, an attacker could exploit this to crash the application or even execute arbitrary code with the application's privileges.

===========================================================
Ubuntu Security Notice USN-277-1	       May 03, 2006
tiff vulnerabilities
CVE-2006-2024, CVE-2006-2025, CVE-2006-2026, CVE-2006-2120
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libtiff4

The problem can be corrected by upgrading the affected package to
version 3.6.1-5ubuntu0.3 (for Ubuntu 5.04), or 3.7.3-1ubuntu1.1 (for
Ubuntu 5.10). After a standard system upgrade you need to reboot your
computer to effect the necessary changes, since this library is used
by many client and server applications.

Details follow:

Tavis Ormandy and Andrey Kiselev discovered that libtiff did not
sufficiently verify the validity of TIFF files. By tricking a user
into opening a specially crafted TIFF file with any application that
uses libtiff, an attacker could exploit this to crash the application
or even execute arbitrary code with the application's privileges.


Updated packages for Ubuntu 5.04:

Updated packages for Ubuntu 5.10:


- Vulnerability Information

25230
LibTIFF libtiff/tif_color.c TIFFToRGB() Color Mapping Value Overflows
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability Description

- Timeline

2006-02-08 Unknown
Unknown 2006-03-13

- Solution

It has been reported that this issue has been fixed. Upgrade to version 3.8.1, or higher, to address this vulnerability.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

LibTiff TIFFToRGB Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 17809
Yes No
2006-05-03 12:00:00 2006-12-02 01:00:00
Jean-Dominique Gascuel is credited with the discovery of this vulnerability.

- Affected Software Versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0 SP6
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
LibTIFF LibTIFF 3.8
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
LibTIFF LibTIFF 3.7.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
LibTIFF LibTIFF 3.7.1
LibTIFF LibTIFF 3.7
+ Slackware Linux 10.0
+ Slackware Linux -current
LibTIFF LibTIFF 3.6.1
+ Gentoo Linux 1.4
+ Gentoo Linux
+ OpenPKG OpenPKG Current
+ Turbolinux Turbolinux Server 10.0
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
LibTIFF LibTIFF 3.6 .0
LibTIFF LibTIFF 3.5.7
+ Red Hat Fedora Core2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux 8.1
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
LibTIFF LibTIFF 3.5.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
LibTIFF LibTIFF 3.5.4
LibTIFF LibTIFF 3.5.3
LibTIFF LibTIFF 3.5.2
LibTIFF LibTIFF 3.5.1
LibTIFF LibTIFF 3.4
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
LibTIFF LibTIFF 3.8.1
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1

- Unaffected Software Versions

LibTIFF LibTIFF 3.8.1
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1

- Vulnerability Discussion

LibTIFF is affected by a denial-of-service vulnerability.

An attacker can exploit this vulnerability to cause a denial of service in applications using the affected library.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

These issues have been addressed in version 3.8.1 and later.

Please see the referenced vendor advisories for further information.


LibTIFF LibTIFF 3.4

LibTIFF LibTIFF 3.5.1

LibTIFF LibTIFF 3.5.2

LibTIFF LibTIFF 3.5.3

LibTIFF LibTIFF 3.5.4

LibTIFF LibTIFF 3.5.5

LibTIFF LibTIFF 3.5.7

LibTIFF LibTIFF 3.6 .0

LibTIFF LibTIFF 3.6.1

LibTIFF LibTIFF 3.7

LibTIFF LibTIFF 3.7.1

LibTIFF LibTIFF 3.7.2

LibTIFF LibTIFF 3.8

- References
