BID:17730

LibTiff Multiple Denial of Service Vulnerabilities

Info

LibTiff Multiple Denial of Service Vulnerabilities

Bugtraq ID:	17730
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-2024
Remote:	Yes
Local:	No
Published:	Apr 28 2006 12:00AM
Updated:	Sep 04 2008 06:34PM
Credit:	Tavis Ormandy is credited with the discovery of these vulnerabilities.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10 SGI ProPack 3.0 SP6 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 LibTIFF LibTIFF 3.8 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.1 LibTIFF LibTIFF 3.7 + Slackware Linux 10.0 + Slackware Linux -current LibTIFF LibTIFF 3.6.1 + Gentoo Linux 1.4 + Gentoo Linux + OpenPKG OpenPKG Current + Turbolinux Turbolinux Server 10.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 LibTIFF LibTIFF 3.6 .0 LibTIFF LibTIFF 3.5.7 + Redhat Fedora Core2 + Slackware Linux 9.1 + Slackware Linux 9.0 + Slackware Linux 8.1 + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 8.0 LibTIFF LibTIFF 3.5.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 LibTIFF LibTIFF 3.5.4 LibTIFF LibTIFF 3.5.3 LibTIFF LibTIFF 3.5.2 LibTIFF LibTIFF 3.5.1 LibTIFF LibTIFF 3.4 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX

Not Vulnerable:	LibTIFF LibTIFF 3.8.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1

Discussion

LibTiff Multiple Denial of Service Vulnerabilities

LibTIFF is affected by multiple denial-of-service vulnerabilities.

An attacker can exploit these vulnerabilities to cause a denial of service in applications using the affected library.

Exploit / POC

LibTiff Multiple Denial of Service Vulnerabilities

The following proofs of concept are available:

/data/vulnerabilities/exploits/input.tiff.0
/data/vulnerabilities/exploits/input.tiff.1
/data/vulnerabilities/exploits/input.tiff.100

Solution / Fix

LibTiff Multiple Denial of Service Vulnerabilities

Solution:
These issues have been addressed in LibTIFF 3.8.1.

Please see the referenced vendor advisories for more information.

Sun Solaris 8_sparc

Sun 139093-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -139093-01-1

Sun Solaris 10

Sun 119900-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119900-03-1

Sun Solaris 10_x86

Sun 119901-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119901-03-1

Sun Solaris 9

Sun 125673-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125673-01-1

Sun Solaris 9_x86

Sun 125674-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125674-01-1

Sun Solaris 8_x86

Sun 139094-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -139094-01-1

LibTIFF LibTIFF 3.5.5

Debian libtiff-tools_3.5.5-7woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_alpha.deb

Debian libtiff-tools_3.5.5-7woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_arm.deb

Debian libtiff-tools_3.5.5-7woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_hppa.deb

Debian libtiff-tools_3.5.5-7woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_i386.deb

Debian libtiff-tools_3.5.5-7woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_ia64.deb

Debian libtiff-tools_3.5.5-7woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_m68k.deb

Debian libtiff-tools_3.5.5-7woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_mips.deb

Debian libtiff-tools_3.5.5-7woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_mipsel.deb

Debian libtiff-tools_3.5.5-7woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_powerpc.deb

Debian libtiff-tools_3.5.5-7woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_s390.deb

Debian libtiff-tools_3.5.5-7woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_sparc.deb

Debian libtiff3g-dev_3.5.5-7woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_alpha.deb

Debian libtiff3g-dev_3.5.5-7woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_arm.deb

Debian libtiff3g-dev_3.5.5-7woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_hppa.deb

Debian libtiff3g-dev_3.5.5-7woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_i386.deb

Debian libtiff3g-dev_3.5.5-7woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_ia64.deb

Debian libtiff3g-dev_3.5.5-7woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_m68k.deb

Debian libtiff3g-dev_3.5.5-7woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_mips.deb

Debian libtiff3g-dev_3.5.5-7woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_mipsel.deb

Debian libtiff3g-dev_3.5.5-7woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_powerpc.deb

Debian libtiff3g-dev_3.5.5-7woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_s390.deb

Debian libtiff3g-dev_3.5.5-7woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_sparc.deb

Debian libtiff3g_3.5.5-7woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_alpha.deb

Debian libtiff3g_3.5.5-7woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_arm.deb

Debian libtiff3g_3.5.5-7woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_hppa.deb

Debian libtiff3g_3.5.5-7woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_i386.deb

Debian libtiff3g_3.5.5-7woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_ia64.deb

Debian libtiff3g_3.5.5-7woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_m68k.deb

Debian libtiff3g_3.5.5-7woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_mips.deb

Debian libtiff3g_3.5.5-7woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_mipsel.deb

Debian libtiff3g_3.5.5-7woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_powerpc.deb

Debian libtiff3g_3.5.5-7woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_s390.deb

Debian libtiff3g_3.5.5-7woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_sparc.deb

Mandriva libtiff-3.5.7-11.9.M20mdk.src.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.5.7-11.9.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.5.7

Mandriva lib64tiff3-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-devel-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-static-devel-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff-3.5.7-11.9.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-devel-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-static-devel-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.6.1

Mandriva lib64tiff3-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-devel-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-devel-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-static-devel-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-static-devel-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff-3.6.1-11.3.102mdk.src.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-3.6.1-12.2.20060mdk.src.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-devel-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-devel-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-static-devel-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-static-devel-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.7.2

Debian libtiff-opengl_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_alpha.deb

Debian libtiff-opengl_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_amd64.deb

Debian libtiff-opengl_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_arm.deb

Debian libtiff-opengl_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_hppa.deb

Debian libtiff-opengl_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_i386.deb

Debian libtiff-opengl_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_ia64.deb

Debian libtiff-opengl_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_m68k.deb

Debian libtiff-opengl_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_mips.deb

Debian libtiff-opengl_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_mipsel.deb

Debian libtiff-opengl_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_powerpc.deb

Debian libtiff-opengl_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_s390.deb

Debian libtiff-opengl_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_sparc.deb

Debian libtiff-tools_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_alpha.deb

Debian libtiff-tools_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_amd64.deb

Debian libtiff-tools_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_arm.deb

Debian libtiff-tools_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_hppa.deb

Debian libtiff-tools_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_i386.deb

Debian libtiff-tools_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_ia64.deb

Debian libtiff-tools_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_m68k.deb

Debian libtiff-tools_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_mips.deb

Debian libtiff-tools_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_mipsel.deb

Debian libtiff-tools_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_powerpc.deb

Debian libtiff-tools_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_s390.deb

Debian libtiff-tools_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_sparc.deb

Debian libtiff4-dev_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_alpha.deb

Debian libtiff4-dev_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_amd64.deb

Debian libtiff4-dev_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_arm.deb

Debian libtiff4-dev_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_hppa.deb

Debian libtiff4-dev_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_i386.deb

Debian libtiff4-dev_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_ia64.deb

Debian libtiff4-dev_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_m68k.deb

Debian libtiff4-dev_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_mips.deb

Debian libtiff4-dev_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_mipsel.deb

Debian libtiff4-dev_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_powerpc.deb

Debian libtiff4-dev_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_s390.deb

Debian libtiff4-dev_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_sparc.deb

Debian libtiff4_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_alpha.deb

Debian libtiff4_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_amd64.deb

Debian libtiff4_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_arm.deb

Debian libtiff4_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_hppa.deb

Debian libtiff4_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_i386.deb

Debian libtiff4_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_ia64.deb

Debian libtiff4_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_m68k.deb

Debian libtiff4_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_mips.deb

Debian libtiff4_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_mipsel.deb

Debian libtiff4_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_powerpc.deb

Debian libtiff4_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_s390.deb

Debian libtiff4_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_sparc.deb

Debian libtiffxx0_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_alpha.deb

Debian libtiffxx0_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_amd64.deb

Debian libtiffxx0_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_arm.deb

Debian libtiffxx0_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_hppa.deb

Debian libtiffxx0_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_i386.deb

Debian libtiffxx0_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_ia64.deb

Debian libtiffxx0_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_m68k.deb

Debian libtiffxx0_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_mips.deb

Debian libtiffxx0_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_mipsel.deb

Debian libtiffxx0_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_powerpc.deb

Debian libtiffxx0_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_s390.deb

Debian libtiffxx0_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_sparc.deb

References

LibTiff Multiple Denial of Service Vulnerabilities

References:

ASA-2006-119 - libtiff security update (RHSA-2006-0425) (Avaya)
libtiff crashes on pathological input (Tavis Ormandy)
LibTIFF Homepage (LibTIFF)
RHSA-2006:0425-5 - libtiff security update (RedHat)
Several libtiff issues were reported upstream in this bug (Josh Bressers)
Solution 201332 : Multiple Security Vulnerabilities in the Solaris Tag Image (Sun)