CVE-2006-2024

Published: Apr 25, 2006 | Modified: Nov 21, 2024
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4 MEDIUM
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu: UNTRIAGED

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain codec cleanup methods in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; and (3) improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libtiff | Libtiff | * | 3.8.0 (including) |
| Libtiff | Libtiff | 3.4 (including) | 3.4 (including) |
| Libtiff | Libtiff | 3.5.1 (including) | 3.5.1 (including) |
| Libtiff | Libtiff | 3.5.2 (including) | 3.5.2 (including) |
| Libtiff | Libtiff | 3.5.3 (including) | 3.5.3 (including) |
| Libtiff | Libtiff | 3.5.4 (including) | 3.5.4 (including) |
| Libtiff | Libtiff | 3.5.5 (including) | 3.5.5 (including) |
| Libtiff | Libtiff | 3.5.6 (including) | 3.5.6 (including) |
| Libtiff | Libtiff | 3.5.7 (including) | 3.5.7 (including) |
| Libtiff | Libtiff | 3.6.0 (including) | 3.6.0 (including) |
| Libtiff | Libtiff | 3.6.1 (including) | 3.6.1 (including) |
| Libtiff | Libtiff | 3.7.0 (including) | 3.7.0 (including) |
| Libtiff | Libtiff | 3.7.1 (including) | 3.7.1 (including) |
| Red Hat Enterprise Linux 3 | RedHat | libtiff-0:3.5.7-25.el3.1 | * |
| Red Hat Enterprise Linux 3 | RedHat | kdegraphics-7:3.1.3-3.10 | * |
| Red Hat Enterprise Linux 4 | RedHat | libtiff-0:3.6.1-10 | * |
| Tiff | Ubuntu | dapper | * |

References