Executive Summary

Informations
Name CVE-2006-2025 First vendor Publication 2006-04-25
Vendor Cve Last vendor Modification 2018-10-03

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Cvss Base Score 6.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10593
 
Oval ID: oval:org.mitre.oval:def:10593
Title: Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Description: Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Family: unix Class: vulnerability
Reference(s): CVE-2006-2025
 Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
 Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 39

OpenVAS Exploits

Date Description
2008-09-24 Name : Gentoo Security Advisory GLSA 200605-17 (libtiff)
File : nvt/glsa_200605_17.nasl
2008-01-17 Name : Debian Security Advisory DSA 1054-1 (tiff)
File : nvt/deb_1054_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
25019 LibTIFF tif_dirread.c TIFFFetchData Function Overflow

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office TIFF filter buffer overflow attempt
RuleID : 28391 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office TIFF filter buffer overflow attempt
RuleID : 28390 - Revision : 3 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2006-0648.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1054.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0648.nasl - Type : ACT_GATHER_INFO
2006-08-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0648.nasl - Type : ACT_GATHER_INFO
2006-07-03 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2006-0425.nasl - Type : ACT_GATHER_INFO
2006-05-31 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200605-17.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Mandrake Linux host is missing one or more security updates.
File : mandrake_MDKSA-2006-082.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2006-0425.nasl - Type : ACT_GATHER_INFO
2006-05-13 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-277-1.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/17732
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
DEBIAN http://www.debian.org/security/2006/dsa-1054
GENTOO http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
MISC http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
REDHAT http://www.redhat.com/support/errata/RHSA-2006-0425.html
SECUNIA http://secunia.com/advisories/19838
http://secunia.com/advisories/19897
http://secunia.com/advisories/19936
http://secunia.com/advisories/19949
http://secunia.com/advisories/19964
http://secunia.com/advisories/20021
http://secunia.com/advisories/20023
http://secunia.com/advisories/20210
http://secunia.com/advisories/20345
http://secunia.com/advisories/20667
SGI ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
SUSE http://www.novell.com/linux/security/advisories/2006_04_28.html
TRUSTIX http://www.trustix.org/errata/2006/0024
UBUNTU https://usn.ubuntu.com/277-1/
VUPEN http://www.vupen.com/english/advisories/2006/1563
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/26134

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
Date Informations
2021-05-04 12:03:58
  • Multiple Updates
2021-04-22 01:04:31
  • Multiple Updates
2020-05-23 01:37:33
  • Multiple Updates
2020-05-23 00:17:43
  • Multiple Updates
2018-10-04 00:19:28
  • Multiple Updates
2017-10-11 09:23:40
  • Multiple Updates
2017-07-20 09:23:32
  • Multiple Updates
2016-04-26 14:33:17
  • Multiple Updates
2014-02-17 10:35:39
  • Multiple Updates
2014-01-19 21:23:17
  • Multiple Updates
2013-05-11 10:55:29
  • Multiple Updates