DSA-1054-1

Details

Vulnerability : several Problem type : remote Debian-specific: no CVE IDs : CAN-2006-2024 CAN-2006-2025 CAN-2006-2026 BugTraq IDs : 17730 17732 17733

Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-2024

Multiple vulnerabilities allow attackers to cause a denial of
service.

CVE-2006-2025

An integer overflows allows attackers to cause a denial of service
and possibly execute arbitrary code.

CVE-2006-2026

A double-free vulnerability allows attackers to cause a denial of
service and possibly execute arbitrary code.

Affected Packages

tiff

Debian 3.0

Fixed in:

3.5.5-7woody1

tiff

Debian 3.1

Fixed in:

3.7.2-3sarge1

References

ADVISORYhttps://security-tracker.debian.org/tracker/DSA-1054-1

DSA-1054-1

Details

Affected Packages

References

Upstream

Ecosystems

Timeline