Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

Debian Security Advisory DSA 1054-1 (tiff)

Information

Severity

Severity

Medium

Family

Family

Debian Local Security Checks

CVSSv2 Base

CVSSv2 Base

6.5

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

14 years ago

Modified

Modified

5 years ago

Summary

The remote host is missing an update to tiff announced via advisory DSA 1054-1. Tavis Ormandy discovered several vulnerabilities in the TIFF library that can lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2024 Multiple vulnerabilities allow attackers to cause a denial of service. CVE-2006-2025 An integer overflows allows attackers to cause a denial of service and possibly execute arbitrary code. CVE-2006-2026 A double-free vulnerability allows attackers to cause a denial of service and possibly execute arbitrary code. For the old stable distribution (woody) these problems have been fixed in version 3.5.5-7woody1.

Solution

Solution

For the stable distribution (sarge) these problems have been fixed in version 3.7.2-3sarge1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your libtiff packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201054-1