CVE-2006-0405 — Tiff vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.8%

top 17.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Tiff Libtiff

Timeline

PublishedJan 25

Latest updateMay 1

Description

The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDlibtiff/libtiff3.8.0

▶debiandebian/tiff< tiff 3.8.0-2 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-cghf-hqpf-m9f9: The TIFFFetchShortPair function in tif_dirread↗2022-05-01

▶

OSV

CVE-2006-0405: The TIFFFetchShortPair function in tif_dirread↗2006-01-25

▶

📋Vendor Advisories

Debian

CVE-2006-0405: tiff - The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote ...↗2006

▶

Red Hat

CVE-2006-0405: The TIFFFetchShortPair function in tif_dirread↗

▶