The remote host is affected by the vulnerability described in GLSA-200607-03 (libTIFF: Multiple buffer overflows)

    A buffer overflow has been found in the t2p_write_pdf_string function     in tiff2pdf, which can been triggered with a TIFF file containing a     DocumentName tag with UTF-8 characters. An additional buffer overflow     has been found in the handling of the parameters in tiffsplit.
  Impact :

    A remote attacker could entice a user to load a specially crafted TIFF     file, resulting in the possible execution of arbitrary code.
  Workaround :

    There is no known workaround at this time.

From Red Hat Security Advisory 2006:0603 :

Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files.

Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code.
(CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465)

All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.

Updated libtiff packages that fix several security flaws are now available for Red Hat Enterprise Linux.

This update has been rated as having important security impact by the Red Hat Security Response Team.

The libtiff package contains a library of functions for manipulating TIFF (Tagged Image File Format) files.

Tavis Ormandy of Google discovered a number of flaws in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code.
(CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465)

All users are advised to upgrade to these updated packages, which contain backported fixes for these issues.

This update fixes a stack-based buffer overflow in tiffsplit that can be triggered with long filemanes (CVE-2006-2656) and a buffer overflow in tiff2pdf. Both tools are not setuid but may be exploited in conjunction with other applications. Exploitation very unlikely.

A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename.

NOTE: tiffsplit is not setuid, and there may not be a common scenario under which tiffsplit is called with attacker-controlled command line arguments.

The updated packages have been patched to correct this issue.

The tiffsplit command contained code that handled fixed-size buffers insecurely, possibly leading to stack overflows.

This problem is fixed in the updated package.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several problems have been discovered in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues :

  - CVE-2006-2193     SuSE discovered a buffer overflow in the conversion of     TIFF files into PDF documents which could be exploited     when tiff2pdf is used e.g. in a printer filter.

  - CVE-2006-2656     The tiffsplit command from the TIFF library contains a     buffer overflow in the commandline handling which could     be exploited when the program is executed automatically     on unknown filenames.

A buffer overflow has been found in the tiff2pdf utility. By tricking an user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user. (CVE-2006-2193)

A. Alejandro Hernandez discovered a buffer overflow in the tiffsplit utility. By calling tiffsplit with specially crafted long arguments, an user can execute arbitrary code. If tiffsplit is used in e. g. a web-based frontend or similar automated system, this could lead to remote arbitary code execution with the privileges of that system. (In normal interactive command line usage this is not a vulnerability.) (CVE-2006-2656).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
22010	GLSA-200607-03 : libTIFF: Multiple buffer overflows	Nessus	Gentoo Local Security Checks	7/10/2006	1/6/2021	high
67398	Oracle Linux 3 : libtiff (ELSA-2006-0603)	Nessus	Oracle Linux Local Security Checks	7/12/2013	1/14/2021	high
22149	RHEL 2.1 / 3 / 4 : libtiff (RHSA-2006:0603)	Nessus	Red Hat Local Security Checks	8/4/2006	1/14/2021	high
27468	openSUSE 10 Security Update : tiff (tiff-1594)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	high
21661	Mandrake Linux Security Advisory : libtiff (MDKSA-2006:095)	Nessus	Mandriva Local Security Checks	6/6/2006	1/6/2021	high
22161	CentOS 3 / 4 : libtiff (CESA-2006:0603)	Nessus	CentOS Local Security Checks	8/7/2006	1/4/2021	high
24116	Fedora Core 4 : libtiff-3.7.1-6.fc4.2 (2006-591)	Nessus	Fedora Local Security Checks	1/17/2007	1/11/2021	high
22633	Debian DSA-1091-1 : tiff - buffer overflows	Nessus	Debian Local Security Checks	10/14/2006	1/4/2021	high
27861	Ubuntu 5.04 / 5.10 / 6.06 LTS : tiff vulnerabilities (USN-289-1)	Nessus	Ubuntu Local Security Checks	11/10/2007	1/19/2021	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high