Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2025 — Tiff vulnerability

23 documents13 sources

Severity

6.5MEDIUMNVD

EPSS

7.4%

top 8.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Tiff Libtiff

Timeline

PublishedApr 25

Latest updateJul 3

Description

Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff3.8.0+12

▶debiandebian/tiff< tiff 3.8.1 (bookworm)

Patches

Patch: bugzilla.remotesensing.org ↗Patch: bugzilla.redhat.com ↗Patch: bugzilla.remotesensing.org ↗

🔴Vulnerability Details

GHSA

GHSA-qrfc-r8pv-4g98: Integer overflow in the TIFFFetchData function in tif_dirread↗2022-05-03

▶

OSV

CVE-2006-2025: Integer overflow in the TIFFFetchData function in tif_dirread↗2006-04-25

▶

💥Exploits & PoCs

Exploit-DB

LibTiff 3.x - TIFFFetchData Integer Overflow↗2006-04-28

▶

📋Vendor Advisories

Red Hat

kernel: f2fs: zone: fix to avoid inconsistence in between SIT and SSA↗2025-07-03

▶

Ubuntu

TIFF library vulnerabilities↗2006-05-04

▶

Red Hat

security flaw↗2006-03-03

▶

Debian

CVE-2006-2025: tiff - Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff befo...↗2006

▶

Citrix

Citrix Security Bulletin CTX111695↗

▶

🕵️Threat Intelligence

Tenable

Red Hat Compliance Audit↗2006-08-31

▶

Tenable

CentOS Patch Auditing↗2006-07-19

▶

Tenable

Detecting when Credentials Fail↗2006-07-19

▶

📄Research Papers

arXiv

Path-wise Vulnerability Mitigation↗2024-05-25

▶

💬Community

Bugzilla

CVE-2006-2025 security flaw↗2018-08-16

▶