CVE-2006-2025
Published 2006-04-25
Priority: P336, medium, 6.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 10.52% (95.2th percentile)
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.8.1 (bookworm) | tiff 3.8.1 (bookworm) |
| libtiff | libtiff | <= 3.8.0 | — |
| libtiff | libtiff | — | — |
CVSS provenance
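| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |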
Red Hat
kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
vendor_redhat·2025-07-03·CVSS 5.5
CVE-2025-38164 [MEDIUM] kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
In the Linux kernel, the following vulnerability has been resolved:
f2fs: zone: fix to avoid inconsistence in between SIT and SSA
w/ below testcase, it will cause inconsistence in between SIT and SSA.
create_null_blk 512 2 1024 1024
mkfs.f2fs -m /dev/nullb0
mount /dev/nullb0 /mnt/f2fs/
touch /mnt/f2fs/file
f2fs_io pinfile set /mnt/f2fs/file
fallocate -l 4GiB /mnt/f2fs/file
F2FS-fs (nullb0): Inconsistent segment (0) type [1, 0] in SSA and SIT
CPU: 5 UID: 0 PID: 2398 Comm: fallocate Tainted: G O 6.13.0-rc1 #84
Tainted: [O]=OOT_MODULE
Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
Call Trace:
dump_stack_lvl+0xb3/0xd0
dump_stack+0x14/0x20
f2fs_handle_critical_error+0x18c/0x220 [f2fs]
f2fs_sto
Ubuntu
TIFF library vulnerabilities
vendor_ubuntu·2006-05-04
CVE-2006-2024 TIFF library vulnerabilities
Title: TIFF library vulnerabilities
Summary: TIFF library vulnerabilities
Tavis Ormandy and Andrey Kiselev discovered that libtiff did not
sufficiently verify the validity of TIFF files. By tricking a user
into opening a specially crafted TIFF file with any application that
uses libtiff, an attacker could exploit this to crash the application
or even execute arbitrary code with the application's privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
security flaw
vendor_redhat·2006-03-03·CVSS 6.5
CVE-2006-2025 [MEDIUM] security flaw
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Debian
CVE-2006-2025: tiff - Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff befo...
vendor_debian·2006·CVSS 6.5
CVE-2006-2025 [MEDIUM] CVE-2006-2025: tiff - Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff befo...
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
Scope: local
bookworm: resolved (fixed in 3.8.1)
bullseye: resolved (fixed in 3.8.1)
forky: resolved (fixed in 3.8.1)
sid: resolved (fixed in 3.8.1)
trixie: resolved (fixed in 3.8.1)
Citrix
Citrix Security Bulletin CTX111695
vendor_citrix·CVSS 6.0
CVE-2006-6573 [MEDIUM] Citrix Security Bulletin CTX111695
CVE References: CVE-2006-6573, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX110492
vendor_citrix·CVSS 6.5
CVE-2006-3779 [MEDIUM] Citrix Security Bulletin CTX110492
CVE References: CVE-2006-3779, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111615
vendor_citrix·CVSS 6.5
CVE-2006-6572 [MEDIUM] Citrix Security Bulletin CTX111615
CVE References: CVE-2006-6572, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111614
vendor_citrix·CVSS 6.5
CVE-2006-6572 [MEDIUM] Citrix Security Bulletin CTX111614
CVE References: CVE-2006-6572, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111186
vendor_citrix·CVSS 7.5
CVE-2006-5821 [HIGH] Citrix Security Bulletin CTX111186
CVE References: CVE-2006-5821, CVE-2006-5861, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX111827
vendor_citrix·CVSS 6.8
CVE-2006-6334 [MEDIUM] Citrix Security Bulletin CTX111827
CVE References: CVE-2006-6334, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX110439
vendor_citrix·CVSS 5.1
CVE-2006-4846 [MEDIUM] Citrix Security Bulletin CTX110439
CVE References: CVE-2006-4846, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
GHSA
GHSA-qrfc-r8pv-4g98: Integer overflow in the TIFFFetchData function in tif_dirread
ghsa_unreviewed·2022-05-03
CVE-2006-2025 [MEDIUM] GHSA-qrfc-r8pv-4g98: Integer overflow in the TIFFFetchData function in tif_dirread
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
OSV
CVE-2006-2025: Integer overflow in the TIFFFetchData function in tif_dirread
osv·2006-04-25·CVSS 6.5
CVE-2006-2025 [MEDIUM] CVE-2006-2025: Integer overflow in the TIFFFetchData function in tif_dirread
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
No detection rules found.
Bugzilla
CVE-2025-38164 kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
bugzilla·2025-07-03·CVSS 5.5
CVE-2025-38164 [MEDIUM] CVE-2025-38164 kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA
Bugzilla
CVE-2006-2025 security flaw
bugzilla·2018-08-16·CVSS 6.5
CVE-2006-2025 [MEDIUM] CVE-2006-2025 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
arXiv
Path-wise Vulnerability Mitigation
arxiv_fulltext·2024-05-25
Zhen Huang, Hiristina Dokic
DePaul University, Chicago IL, USA
## Abstract
Software vulnerabilities are prevalent but fixing software vulnerabilities is not trivial. Studies have shown that a considerable pre-patch window exists because it often takes weeks or months for software vendo
Tenable
Red Hat Compliance Audit
blogs_tenable·2006-08-31·CVSS 5.3
[MEDIUM] Red Hat Compliance Audit
# Red Hat Compliance Audit
Ron Gula
August 31, 2006
Tenable's research group recently added a Nessus 3 audit policy for Red Hat Linux. This allows Direct Feed users who are auditing missing security patches with SSH credentials to also ensure the system has been properly locked down.
The audit tests for several hundred different items such as the permissions of /var/log/messages and if any user accounts have poor permissions in their home directories. Audit files for Solaris, security recommendations from CERT and generic UNIX checks are also available in addition to many checks for a variety of Windows policies.
Tenable
CentOS Patch Auditing
blogs_tenable·2006-07-19·CVSS 5.3
CVE-2025-4427 [MEDIUM] CentOS Patch Auditing
# CentOS Patch Auditing
Ron Gula
July 19, 2006
Tenable is now tracking patch updates to the CentOS Linux operating system. The Nessus Direct and Registered feeds are now updated with host-based patch audits for CentOS. More than 200 audits are available at the time of writing.
Tenable
Detecting when Credentials Fail
blogs_tenable·2006-07-19·CVSS 5.3
[MEDIUM] Detecting when Credentials Fail
# Detecting when Credentials Fail
Ron Gula
July 19, 2006
If you are using Nessus to perform credentialed audits of UNIX or Windows systems, analyzing the results to determine if you had the correct passwords and SSH keys can be difficult. Nessus users can now easily detect if their credentials are not working. Tenable has added Nessus plugin #21745. This plugin detects if either SSH or Windows credentials didn't allow the scan to log into the remote host.
References
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
http://bugzilla.remotesensing.org/show_bug.cgi?id=1102
http://secunia.com/advisories/19838
http://secunia.com/advisories/19897
http://secunia.com/advisories/19936
http://secunia.com/advisories/19949
http://secunia.com/advisories/19964
http://secunia.com/advisories/20021
http://secunia.com/advisories/20023
http://secunia.com/advisories/20210
http://secunia.com/advisories/20345
http://secunia.com/advisories/20667
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm
http://www.debian.org/security/2006/dsa-1054
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
http://www.novell.com/linux/security/advisories/2006_04_28.html
http://www.redhat.com/support/errata/RHSA-2006-0425.html
http://www.securityfocus.com/bid/17732
http://www.trustix.org/errata/2006/0024
http://www.vupen.com/english/advisories/2006/1563
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189933
https://exchange.xforce.ibmcloud.com/vulnerabilities/26134
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10593
https://usn.ubuntu.com/277-1/