Vulnerability Details : CVE-2006-2026
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Products affected by CVE-2006-2026
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2026
0.80%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 81 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2026
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2006-2026
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-2026
-
https://usn.ubuntu.com/277-1/
404: Page not found | Ubuntu
-
http://www.novell.com/linux/security/advisories/2006_04_28.html
404 Page Not Found | SUSE
-
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
libTIFF: Multiple vulnerabilities (GLSA 200605-17) — Gentoo security
-
http://www.debian.org/security/2006/dsa-1054
[SECURITY] [DSA 1054-1] New TIFF packages fix denial of service and arbitrary code execution
-
http://www.redhat.com/support/errata/RHSA-2006-0425.html
Support
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/26135
LibTIFF tif_jpeg.c double-free memory corruption CVE-2006-2026 Vulnerability Report
-
http://www.securityfocus.com/bid/17733
-
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
ASA-2006-119 (RHSA-2006-0425)
-
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
Mandriva
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11389
404 Not Found
-
http://www.vupen.com/english/advisories/2006/1563
Site en construction
-
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
Exploit;Patch
-
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
189933 – CVE-2006-2024 multiple libtiff issues (CVE-2006-2025, CVE-2006-2026)Exploit;Patch
-
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
-
http://www.trustix.org/errata/2006/0024
Trustix | Empowering Trust and Security in the Digital Age
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
-
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
Jump to