Intrusion Prevention

LibTiff.TIFFFetchData.Integer.Overflow

Description

This indicates a possible exploit of an integer overflow vulnerability in libtiff.
Libtiff is a library for reading and writing TIFF files, a widely used format for storing image data. It is vulnerable to an integer overflow, caused by improper bounds checking of an overly large integer value.

Affected Products

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SGI ProPack 3.0 SP6
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
MandrakeSoft Linux Mandrake 10.2 x86_64
MandrakeSoft Linux Mandrake 10.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
LibTIFF LibTIFF 3.8
LibTIFF LibTIFF 3.7.2
LibTIFF LibTIFF 3.7.1
LibTIFF LibTIFF 3.7
LibTIFF LibTIFF 3.6.1
LibTIFF LibTIFF 3.6.0
LibTIFF LibTIFF 3.5.7
LibTIFF LibTIFF 3.5.5
LibTIFF LibTIFF 3.5.4
LibTIFF LibTIFF 3.5.3
LibTIFF LibTIFF 3.5.2
LibTIFF LibTIFF 3.5.1
LibTIFF LibTIFF 3.4
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX

Impact

System compromise: remote code execution.

Recommended Actions

Apply the latest update from the vendor.

CVE References

CVE-2006-2025