Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2024Signal Handler Race Condition in Tiff

CWE-364Signal Handler Race Condition15 documents12 sources
Severity
4.0MEDIUMNVD
EPSS
15.0%
top 5.42%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Debian TiffLibtiff
Timeline
PublishedApr 25
Latest updateJul 1

Description

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

NVDlibtiff/libtiff3.8.0+12
debiandebian/tiff< tiff 3.8.1 (bookworm)

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-gcqf-gvjg-mhm8: Multiple vulnerabilities in libtiff before 32022-05-03
OSV
CVE-2006-2024: Multiple vulnerabilities in libtiff before 32006-04-25

💥Exploits & PoCs

1
Exploit-DB
LibTiff 3.x - Multiple Denial of Service Vulnerabilities2006-04-28

📋Vendor Advisories

5
Red Hat
openssh: regreSSHion - race condition in SSH allows RCE/DoS2024-07-01
Ubuntu
TIFF library vulnerabilities2006-05-04
Red Hat
security flaw2006-03-03
Debian
CVE-2006-2024: tiff - Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attacke...2006
Cisco
Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server (regreSSHion): July 2024

💬Community

1
Bugzilla
CVE-2006-2024 security flaw2018-08-16