BID:17733

LibTiff Double Free Memory Corruption Vulnerability

Info

LibTiff Double Free Memory Corruption Vulnerability

Bugtraq ID:	17733
Class:	Boundary Condition Error
CVE:	CVE-2006-2026
Remote:	Yes
Local:	No
Published:	Apr 28 2006 12:00AM
Updated:	Sep 04 2008 07:04PM
Credit:	Tavis Ormandy is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 Sun Solaris 9_x86 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10 SGI ProPack 3.0 SP6 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Professional 9.1 x86_64 S.u.S.E. Linux Professional 9.1 S.u.S.E. Linux Professional 9.0 x86_64 S.u.S.E. Linux Professional 9.0 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 LibTIFF LibTIFF 3.8 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.1 LibTIFF LibTIFF 3.7 + Slackware Linux 10.0 + Slackware Linux -current LibTIFF LibTIFF 3.6.1 + Gentoo Linux 1.4 + Gentoo Linux + OpenPKG OpenPKG Current + Turbolinux Turbolinux Server 10.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 LibTIFF LibTIFF 3.6 .0 LibTIFF LibTIFF 3.5.7 LibTIFF LibTIFF 3.5.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 LibTIFF LibTIFF 3.5.4 LibTIFF LibTIFF 3.5.3 LibTIFF LibTIFF 3.5.2 LibTIFF LibTIFF 3.5.1 LibTIFF LibTIFF 3.4 Gentoo Linux Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha Debian Linux 3.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX

Not Vulnerable:	LibTIFF LibTIFF 3.8.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1

Discussion

LibTiff Double Free Memory Corruption Vulnerability

Applications using the LibTIFF library are prone to a double-free vulnerability; a fix is available.

Attackers may be able to exploit this issue to cause denial-of-service conditions in affected applications using a vulnerable version of the library; arbitrary code execution may also be possible.

Exploit / POC

LibTiff Double Free Memory Corruption Vulnerability

The following proof of concept is available:

/data/vulnerabilities/exploits/input.tiff.2

Solution / Fix

LibTiff Double Free Memory Corruption Vulnerability

Solution:
The vendor has released version 3.8.1 to address this issue.

Please see the referenced vendor advisories for further information.

Sun Solaris 8_sparc

Sun 139093-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -139093-01-1

Sun Solaris 10

Sun 119900-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119900-03-1

Sun Solaris 10_x86

Sun 119901-03
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -119901-03-1

Sun Solaris 9

Sun 125673-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125673-01-1

Sun Solaris 9_x86

Sun 125674-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -125674-01-1

LibTIFF LibTIFF 3.5.5

Debian libtiff-tools_3.5.5-7woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_alpha.deb

Debian libtiff-tools_3.5.5-7woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_arm.deb

Debian libtiff-tools_3.5.5-7woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_hppa.deb

Debian libtiff-tools_3.5.5-7woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_i386.deb

Debian libtiff-tools_3.5.5-7woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_ia64.deb

Debian libtiff-tools_3.5.5-7woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_m68k.deb

Debian libtiff-tools_3.5.5-7woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_mips.deb

Debian libtiff-tools_3.5.5-7woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_mipsel.deb

Debian libtiff-tools_3.5.5-7woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_powerpc.deb

Debian libtiff-tools_3.5.5-7woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_s390.deb

Debian libtiff-tools_3.5.5-7woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.5. 5-7woody1_sparc.deb

Debian libtiff3g-dev_3.5.5-7woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_alpha.deb

Debian libtiff3g-dev_3.5.5-7woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_arm.deb

Debian libtiff3g-dev_3.5.5-7woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_hppa.deb

Debian libtiff3g-dev_3.5.5-7woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_i386.deb

Debian libtiff3g-dev_3.5.5-7woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_ia64.deb

Debian libtiff3g-dev_3.5.5-7woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_m68k.deb

Debian libtiff3g-dev_3.5.5-7woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_mips.deb

Debian libtiff3g-dev_3.5.5-7woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_mipsel.deb

Debian libtiff3g-dev_3.5.5-7woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_powerpc.deb

Debian libtiff3g-dev_3.5.5-7woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_s390.deb

Debian libtiff3g-dev_3.5.5-7woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g-dev_3.5. 5-7woody1_sparc.deb

Debian libtiff3g_3.5.5-7woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_alpha.deb

Debian libtiff3g_3.5.5-7woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_arm.deb

Debian libtiff3g_3.5.5-7woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_hppa.deb

Debian libtiff3g_3.5.5-7woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_i386.deb

Debian libtiff3g_3.5.5-7woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_ia64.deb

Debian libtiff3g_3.5.5-7woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_m68k.deb

Debian libtiff3g_3.5.5-7woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_mips.deb

Debian libtiff3g_3.5.5-7woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_mipsel.deb

Debian libtiff3g_3.5.5-7woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_powerpc.deb

Debian libtiff3g_3.5.5-7woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_s390.deb

Debian libtiff3g_3.5.5-7woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/t/tiff/libtiff3g_3.5.5-7w oody1_sparc.deb

Mandriva libtiff-3.5.7-11.9.M20mdk.src.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.5.7-11.9.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.6.1

Mandriva lib64tiff3-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-devel-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-devel-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-static-devel-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-static-devel-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff-3.6.1-11.3.102mdk.src.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-3.6.1-12.2.20060mdk.src.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-12.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-devel-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-devel-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-static-devel-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-static-devel-3.6.1-12.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://www.mandriva.com/en/download

Ubuntu libtiff-tools_3.6.1-5ubuntu0.3_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.3_amd64.deb

Ubuntu libtiff-tools_3.6.1-5ubuntu0.3_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.3_i386.deb

Ubuntu libtiff-tools_3.6.1-5ubuntu0.3_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.3_powerpc.deb

Ubuntu libtiff4-dev_3.6.1-5ubuntu0.3_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.3_amd64.deb

Ubuntu libtiff4-dev_3.6.1-5ubuntu0.3_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.3_i386.deb

Ubuntu libtiff4-dev_3.6.1-5ubuntu0.3_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.3_powerpc.deb

Ubuntu libtiff4_3.6.1-5ubuntu0.3_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.3_amd64.deb

Ubuntu libtiff4_3.6.1-5ubuntu0.3_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.3_i386.deb

Ubuntu libtiff4_3.6.1-5ubuntu0.3_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.3_powerpc.deb

LibTIFF LibTIFF 3.7.2

Debian libtiff-opengl_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_alpha.deb

Debian libtiff-opengl_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_amd64.deb

Debian libtiff-opengl_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_arm.deb

Debian libtiff-opengl_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_hppa.deb

Debian libtiff-opengl_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_i386.deb

Debian libtiff-opengl_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_ia64.deb

Debian libtiff-opengl_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_m68k.deb

Debian libtiff-opengl_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_mips.deb

Debian libtiff-opengl_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_mipsel.deb

Debian libtiff-opengl_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_powerpc.deb

Debian libtiff-opengl_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_s390.deb

Debian libtiff-opengl_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-3sarge1_sparc.deb

Debian libtiff-tools_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_alpha.deb

Debian libtiff-tools_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_amd64.deb

Debian libtiff-tools_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_arm.deb

Debian libtiff-tools_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_hppa.deb

Debian libtiff-tools_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_i386.deb

Debian libtiff-tools_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_ia64.deb

Debian libtiff-tools_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_m68k.deb

Debian libtiff-tools_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_mips.deb

Debian libtiff-tools_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_mipsel.deb

Debian libtiff-tools_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_powerpc.deb

Debian libtiff-tools_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_s390.deb

Debian libtiff-tools_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-3sarge1_sparc.deb

Debian libtiff4-dev_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_alpha.deb

Debian libtiff4-dev_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_amd64.deb

Debian libtiff4-dev_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_arm.deb

Debian libtiff4-dev_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_hppa.deb

Debian libtiff4-dev_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_i386.deb

Debian libtiff4-dev_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_ia64.deb

Debian libtiff4-dev_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_m68k.deb

Debian libtiff4-dev_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_mips.deb

Debian libtiff4-dev_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_mipsel.deb

Debian libtiff4-dev_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_powerpc.deb

Debian libtiff4-dev_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_s390.deb

Debian libtiff4-dev_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -3sarge1_sparc.deb

Debian libtiff4_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_alpha.deb

Debian libtiff4_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_amd64.deb

Debian libtiff4_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_arm.deb

Debian libtiff4_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_hppa.deb

Debian libtiff4_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_i386.deb

Debian libtiff4_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_ia64.deb

Debian libtiff4_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_m68k.deb

Debian libtiff4_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_mips.deb

Debian libtiff4_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_mipsel.deb

Debian libtiff4_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_powerpc.deb

Debian libtiff4_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_s390.deb

Debian libtiff4_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-3sa rge1_sparc.deb

Debian libtiffxx0_3.7.2-3sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_alpha.deb

Debian libtiffxx0_3.7.2-3sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_amd64.deb

Debian libtiffxx0_3.7.2-3sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_arm.deb

Debian libtiffxx0_3.7.2-3sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_hppa.deb

Debian libtiffxx0_3.7.2-3sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_i386.deb

Debian libtiffxx0_3.7.2-3sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_ia64.deb

Debian libtiffxx0_3.7.2-3sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_m68k.deb

Debian libtiffxx0_3.7.2-3sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_mips.deb

Debian libtiffxx0_3.7.2-3sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_mipsel.deb

Debian libtiffxx0_3.7.2-3sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_powerpc.deb

Debian libtiffxx0_3.7.2-3sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_s390.deb

Debian libtiffxx0_3.7.2-3sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-3 sarge1_sparc.deb

References

LibTiff Double Free Memory Corruption Vulnerability

References:

ASA-2006-119 - libtiff security update (RHSA-2006-0425) (Avaya)
libtiff crashes on pathological input (Tavis Ormandy)
LibTIFF Homepage (LibTIFF)
RHSA-2006:0425-5 - libtiff security update (RedHat)
Several libtiff issues were reported upstream in this bug (Josh Bressers)
Solution 201332 : Multiple Security Vulnerabilities in the Solaris Tag Image (Sun)