LibTiff TIFFFetchData Integer Overflow Vulnerability

Bugtraq ID:	17732
Class:	Boundary Condition Error
CVE:	CVE-2006-2025
Remote:	Yes
Local:	No
Published:	Apr 28 2006 12:00AM
Updated:	Sep 04 2008 07:04PM
Credit:	Tavis Ormandy is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10 SGI ProPack 3.0 SP6 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 LibTIFF LibTIFF 3.8 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.1 LibTIFF LibTIFF 3.7 + Slackware Linux 10.0 + Slackware Linux -current LibTIFF LibTIFF 3.6.1 + Gentoo Linux 1.4 + Gentoo Linux + OpenPKG OpenPKG Current + Turbolinux Turbolinux Server 10.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 LibTIFF LibTIFF 3.6 .0 LibTIFF LibTIFF 3.5.7 + Redhat Fedora Core2 + Slackware Linux 9.1 + Slackware Linux 9.0 + Slackware Linux 8.1 + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 8.0 LibTIFF LibTIFF 3.5.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 LibTIFF LibTIFF 3.5.4 LibTIFF LibTIFF 3.5.3 LibTIFF LibTIFF 3.5.2 LibTIFF LibTIFF 3.5.1 LibTIFF LibTIFF 3.4 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX
Not Vulnerable:	LibTIFF LibTIFF 3.8.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1

LibTiff TIFFFetchData Integer Overflow Vulnerability

Applications using the LibTIFF library are prone to an integer-overflow vulnerability.

An attacker could exploit this vulnerability to execute arbitrary code in the context of the vulnerable application that uses the affected library. Failed exploit attempts will likely cause denial-of-service conditions.

LibTiff TIFFFetchData Integer Overflow Vulnerability

The following proof-of-concept exploit is available:

• /data/vulnerabilities/exploits/input.tiff.11

LibTiff TIFFFetchData Integer Overflow Vulnerability

Solution:
A fix is available. Please see the referenced vendor advisories for further information.


Sun Solaris 8_sparc

• Sun 139093-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -139093-01-1

Sun Solaris 10

• Sun 119900-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119900-03-1

Sun Solaris 10_x86

• Sun 119901-03
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119901-03-1

Sun Solaris 9

• Sun 125673-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125673-01-1

Sun Solaris 9_x86

• Sun 125674-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125674-01-1

Sun Solaris 8_x86

• Sun 139094-01
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -139094-01-1

LibTIFF LibTIFF 3.5.5

• Debian libtiff-tools_3.5.5-7woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_alpha.deb


• Debian libtiff-tools_3.5.5-7woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_arm.deb


• Debian libtiff-tools_3.5.5-7woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_hppa.deb


• Debian libtiff-tools_3.5.5-7woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_i386.deb


• Debian libtiff-tools_3.5.5-7woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_ia64.deb


• Debian libtiff-tools_3.5.5-7woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_m68k.deb


• Debian libtiff-tools_3.5.5-7woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_mips.deb


• Debian libtiff-tools_3.5.5-7woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_mipsel.deb


• Debian libtiff-tools_3.5.5-7woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_powerpc.deb


• Debian libtiff-tools_3.5.5-7woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_s390.deb


• Debian libtiff-tools_3.5.5-7woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_sparc.deb


• Debian libtiff3g-dev_3.5.5-7woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_alpha.deb


• Debian libtiff3g-dev_3.5.5-7woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_arm.deb


• Debian libtiff3g-dev_3.5.5-7woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_hppa.deb


• Debian libtiff3g-dev_3.5.5-7woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_i386.deb


• Debian libtiff3g-dev_3.5.5-7woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_ia64.deb


• Debian libtiff3g-dev_3.5.5-7woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_m68k.deb


• Debian libtiff3g-dev_3.5.5-7woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_mips.deb


• Debian libtiff3g-dev_3.5.5-7woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_mipsel.deb


• Debian libtiff3g-dev_3.5.5-7woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_powerpc.deb


• Debian libtiff3g-dev_3.5.5-7woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_s390.deb


• Debian libtiff3g-dev_3.5.5-7woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_sparc.deb


• Debian libtiff3g_3.5.5-7woody1_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_alpha.deb


• Debian libtiff3g_3.5.5-7woody1_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_arm.deb


• Debian libtiff3g_3.5.5-7woody1_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_hppa.deb


• Debian libtiff3g_3.5.5-7woody1_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_i386.deb


• Debian libtiff3g_3.5.5-7woody1_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_ia64.deb


• Debian libtiff3g_3.5.5-7woody1_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_m68k.deb


• Debian libtiff3g_3.5.5-7woody1_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_mips.deb


• Debian libtiff3g_3.5.5-7woody1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_mipsel.deb


• Debian libtiff3g_3.5.5-7woody1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_powerpc.deb


• Debian libtiff3g_3.5.5-7woody1_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_s390.deb


• Debian libtiff3g_3.5.5-7woody1_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_sparc.deb


• Mandriva libtiff-3.5.7-11.9.M20mdk.src.rpm
  Multi Network Firewall 2.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-3.5.7-11.9.M20mdk.i586.rpm
  Multi Network Firewall 2.0:
  http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.5.7

• Mandriva lib64tiff3-3.5.7-11.9.C30mdk.x86_64.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva lib64tiff3-devel-3.5.7-11.9.C30mdk.x86_64.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva lib64tiff3-static-devel-3.5.7-11.9.C30mdk.x86_64.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff-3.5.7-11.9.C30mdk.src.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff-progs-3.5.7-11.9.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff-progs-3.5.7-11.9.C30mdk.x86_64.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-3.5.7-11.9.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-devel-3.5.7-11.9.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-static-devel-3.5.7-11.9.C30mdk.i586.rpm
  Corporate 3.0:
  http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.6.1

• Mandriva lib64tiff3-3.6.1-11.3.102mdk.x86_64.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva lib64tiff3-3.6.1-12.2.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva lib64tiff3-devel-3.6.1-11.3.102mdk.x86_64.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva lib64tiff3-devel-3.6.1-12.2.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva lib64tiff3-static-devel-3.6.1-11.3.102mdk.x86_64.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva lib64tiff3-static-devel-3.6.1-12.2.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff-3.6.1-11.3.102mdk.src.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva libtiff-3.6.1-12.2.20060mdk.src.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff-progs-3.6.1-11.3.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva libtiff-progs-3.6.1-11.3.102mdk.x86_64.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva libtiff-progs-3.6.1-12.2.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff-progs-3.6.1-12.2.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-3.6.1-11.3.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-3.6.1-12.2.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-devel-3.6.1-11.3.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-devel-3.6.1-12.2.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-static-devel-3.6.1-11.3.102mdk.i586.rpm
  Mandriva Linux 10.2:
  http://www.mandriva.com/en/download


• Mandriva libtiff3-static-devel-3.6.1-12.2.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.7.2

• Debian libtiff-opengl_3.7.2-3sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_alpha.deb


• Debian libtiff-opengl_3.7.2-3sarge1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_amd64.deb


• Debian libtiff-opengl_3.7.2-3sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_arm.deb


• Debian libtiff-opengl_3.7.2-3sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_hppa.deb


• Debian libtiff-opengl_3.7.2-3sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_i386.deb


• Debian libtiff-opengl_3.7.2-3sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_ia64.deb


• Debian libtiff-opengl_3.7.2-3sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_m68k.deb


• Debian libtiff-opengl_3.7.2-3sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_mips.deb


• Debian libtiff-opengl_3.7.2-3sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_mipsel.deb


• Debian libtiff-opengl_3.7.2-3sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_powerpc.deb


• Debian libtiff-opengl_3.7.2-3sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_s390.deb


• Debian libtiff-opengl_3.7.2-3sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_sparc.deb


• Debian libtiff-tools_3.7.2-3sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_alpha.deb


• Debian libtiff-tools_3.7.2-3sarge1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_amd64.deb


• Debian libtiff-tools_3.7.2-3sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_arm.deb


• Debian libtiff-tools_3.7.2-3sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_hppa.deb


• Debian libtiff-tools_3.7.2-3sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_i386.deb


• Debian libtiff-tools_3.7.2-3sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_ia64.deb


• Debian libtiff-tools_3.7.2-3sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_m68k.deb


• Debian libtiff-tools_3.7.2-3sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_mips.deb


• Debian libtiff-tools_3.7.2-3sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_mipsel.deb


• Debian libtiff-tools_3.7.2-3sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_powerpc.deb


• Debian libtiff-tools_3.7.2-3sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_s390.deb


• Debian libtiff-tools_3.7.2-3sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_sparc.deb


• Debian libtiff4-dev_3.7.2-3sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_alpha.deb


• Debian libtiff4-dev_3.7.2-3sarge1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_amd64.deb


• Debian libtiff4-dev_3.7.2-3sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_arm.deb


• Debian libtiff4-dev_3.7.2-3sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_hppa.deb


• Debian libtiff4-dev_3.7.2-3sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_i386.deb


• Debian libtiff4-dev_3.7.2-3sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_ia64.deb


• Debian libtiff4-dev_3.7.2-3sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_m68k.deb


• Debian libtiff4-dev_3.7.2-3sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_mips.deb


• Debian libtiff4-dev_3.7.2-3sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_mipsel.deb


• Debian libtiff4-dev_3.7.2-3sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_powerpc.deb


• Debian libtiff4-dev_3.7.2-3sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_s390.deb


• Debian libtiff4-dev_3.7.2-3sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_sparc.deb


• Debian libtiff4_3.7.2-3sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_alpha.deb


• Debian libtiff4_3.7.2-3sarge1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_amd64.deb


• Debian libtiff4_3.7.2-3sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_arm.deb


• Debian libtiff4_3.7.2-3sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_hppa.deb


• Debian libtiff4_3.7.2-3sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_i386.deb


• Debian libtiff4_3.7.2-3sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_ia64.deb


• Debian libtiff4_3.7.2-3sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_m68k.deb


• Debian libtiff4_3.7.2-3sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_mips.deb


• Debian libtiff4_3.7.2-3sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_mipsel.deb


• Debian libtiff4_3.7.2-3sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_powerpc.deb


• Debian libtiff4_3.7.2-3sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_s390.deb


• Debian libtiff4_3.7.2-3sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_sparc.deb


• Debian libtiffxx0_3.7.2-3sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_alpha.deb


• Debian libtiffxx0_3.7.2-3sarge1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_amd64.deb


• Debian libtiffxx0_3.7.2-3sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_arm.deb


• Debian libtiffxx0_3.7.2-3sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_hppa.deb


• Debian libtiffxx0_3.7.2-3sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_i386.deb


• Debian libtiffxx0_3.7.2-3sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_ia64.deb


• Debian libtiffxx0_3.7.2-3sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_m68k.deb


• Debian libtiffxx0_3.7.2-3sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_mips.deb


• Debian libtiffxx0_3.7.2-3sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_mipsel.deb


• Debian libtiffxx0_3.7.2-3sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_powerpc.deb


• Debian libtiffxx0_3.7.2-3sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_s390.deb


• Debian libtiffxx0_3.7.2-3sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_sparc.deb

LibTiff TIFFFetchData Integer Overflow Vulnerability

References:

• ASA-2006-119 - libtiff security update (RHSA-2006-0425) (Avaya)
  
• libtiff crashes on pathological input (Tavis Ormandy)
  
• LibTIFF Homepage (LibTIFF)
  
• RHSA-2006:0425-5 - libtiff security update (RedHat)
  
• Several libtiff issues were reported upstream in this bug (Josh Bressers)
  
• Solution 201332 : Multiple Security Vulnerabilities in the Solaris Tag Image (Sun)