BID:17809

LibTiff TIFFToRGB Denial of Service Vulnerability

Info

LibTiff TIFFToRGB Denial of Service Vulnerability

Bugtraq ID:	17809
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2006-2120
Remote:	Yes
Local:	No
Published:	May 03 2006 12:00AM
Updated:	Dec 02 2006 01:00AM
Credit:	Jean-Dominique Gascuel is credited with the discovery of this vulnerability.
Vulnerable:	Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix Secure Enterprise Linux 2.0 SGI ProPack 3.0 SP6 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux WS 3 Redhat Enterprise Linux WS 2.1 IA64 Redhat Enterprise Linux WS 2.1 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux ES 3 Redhat Enterprise Linux ES 2.1 IA64 Redhat Enterprise Linux ES 2.1 Redhat Enterprise Linux AS 4 Redhat Enterprise Linux AS 3 Redhat Enterprise Linux AS 2.1 IA64 Redhat Enterprise Linux AS 2.1 Redhat Desktop 4.0 Redhat Desktop 3.0 Redhat Advanced Workstation for the Itanium Processor 2.1 IA64 Redhat Advanced Workstation for the Itanium Processor 2.1 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 MandrakeSoft Multi Network Firewall 2.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 LibTIFF LibTIFF 3.8 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 LibTIFF LibTIFF 3.7.1 LibTIFF LibTIFF 3.7 + Slackware Linux 10.0 + Slackware Linux -current LibTIFF LibTIFF 3.6.1 + Gentoo Linux 1.4 + Gentoo Linux + OpenPKG OpenPKG Current + Turbolinux Turbolinux Server 10.0 + Ubuntu Ubuntu Linux 5.0 4 powerpc + Ubuntu Ubuntu Linux 5.0 4 i386 + Ubuntu Ubuntu Linux 5.0 4 amd64 + Ubuntu Ubuntu Linux 4.1 ppc + Ubuntu Ubuntu Linux 4.1 ia64 + Ubuntu Ubuntu Linux 4.1 ia32 LibTIFF LibTIFF 3.6 .0 LibTIFF LibTIFF 3.5.7 + Redhat Fedora Core2 + Slackware Linux 9.1 + Slackware Linux 9.0 + Slackware Linux 8.1 + Turbolinux Appliance Server Hosting Edition 1.0 + Turbolinux Appliance Server Workgroup Edition 1.0 + Turbolinux Turbolinux Desktop 10.0 + Turbolinux Turbolinux Server 8.0 LibTIFF LibTIFF 3.5.5 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 + Turbolinux Turbolinux Server 7.0 + Turbolinux Turbolinux Workstation 8.0 + Turbolinux Turbolinux Workstation 7.0 LibTIFF LibTIFF 3.5.4 LibTIFF LibTIFF 3.5.3 LibTIFF LibTIFF 3.5.2 LibTIFF LibTIFF 3.5.1 LibTIFF LibTIFF 3.4 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX

Not Vulnerable:	LibTIFF LibTIFF 3.8.1 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1

Discussion

LibTiff TIFFToRGB Denial of Service Vulnerability

LibTIFF is affected by a denial-of-service vulnerability.

An attacker can exploit this vulnerability to cause a denial of service in applications using the affected library.

Exploit / POC

LibTiff TIFFToRGB Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Solution / Fix

LibTiff TIFFToRGB Denial of Service Vulnerability

Solution:
These issues have been addressed in version 3.8.1 and later.

Please see the referenced vendor advisories for further information.

LibTIFF LibTIFF 3.4

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.5.1

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.5.2

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.5.3

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.5.4

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.5.5

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

Mandriva libtiff-3.5.7-11.9.M20mdk.src.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.5.7-11.9.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.5.7

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

Mandriva lib64tiff3-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-devel-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-static-devel-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff-3.5.7-11.9.C30mdk.src.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.5.7-11.9.C30mdk.x86_64.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-devel-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

Mandriva libtiff3-static-devel-3.5.7-11.9.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.6 .0

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.6.1

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

Mandriva lib64tiff3-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-devel-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva lib64tiff3-static-devel-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-3.6.1-11.3.102mdk.src.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff-progs-3.6.1-11.3.102mdk.x86_64.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-devel-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

Mandriva libtiff3-static-devel-3.6.1-11.3.102mdk.i586.rpm
Mandriva Linux 10.2:
http://www.mandriva.com/en/download

LibTIFF LibTIFF 3.7

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.7.1

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.7.2

Debian libtiff-opengl_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_alpha.deb

Debian libtiff-opengl_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_amd64.deb

Debian libtiff-opengl_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_arm.deb

Debian libtiff-opengl_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_hppa.deb

Debian libtiff-opengl_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_i386.deb

Debian libtiff-opengl_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_ia64.deb

Debian libtiff-opengl_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_m68k.deb

Debian libtiff-opengl_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_mips.deb

Debian libtiff-opengl_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_mipsel.deb

Debian libtiff-opengl_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_powerpc.deb

Debian libtiff-opengl_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_s390.deb

Debian libtiff-opengl_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-4_sparc.deb

Debian libtiff-tools_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_alpha.deb

Debian libtiff-tools_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_amd64.deb

Debian libtiff-tools_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_arm.deb

Debian libtiff-tools_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_hppa.deb

Debian libtiff-tools_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_i386.deb

Debian libtiff-tools_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_ia64.deb

Debian libtiff-tools_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_m68k.deb

Debian libtiff-tools_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_mips.deb

Debian libtiff-tools_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_mipsel.deb

Debian libtiff-tools_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_powerpc.deb

Debian libtiff-tools_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_s390.deb

Debian libtiff-tools_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.7. 2-4_sparc.deb

Debian libtiff4-dev_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_alpha.deb

Debian libtiff4-dev_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_amd64.deb

Debian libtiff4-dev_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_arm.deb

Debian libtiff4-dev_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_hppa.deb

Debian libtiff4-dev_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_i386.deb

Debian libtiff4-dev_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_ia64.deb

Debian libtiff4-dev_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_m68k.deb

Debian libtiff4-dev_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_mips.deb

Debian libtiff4-dev_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_mipsel.deb

Debian libtiff4-dev_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_powerpc.deb

Debian libtiff4-dev_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_s390.deb

Debian libtiff4-dev_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.7.2 -4_sparc.deb

Debian libtiff4_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_a lpha.deb

Debian libtiff4_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_a md64.deb

Debian libtiff4_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_a rm.deb

Debian libtiff4_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_h ppa.deb

Debian libtiff4_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_i 386.deb

Debian libtiff4_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_i a64.deb

Debian libtiff4_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_m 68k.deb

Debian libtiff4_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_m ips.deb

Debian libtiff4_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_m ipsel.deb

Debian libtiff4_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_p owerpc.deb

Debian libtiff4_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_s 390.deb

Debian libtiff4_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.7.2-4_s parc.deb

Debian libtiffxx0_3.7.2-4_alpha.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _alpha.deb

Debian libtiffxx0_3.7.2-4_amd64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _amd64.deb

Debian libtiffxx0_3.7.2-4_arm.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _arm.deb

Debian libtiffxx0_3.7.2-4_hppa.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _hppa.deb

Debian libtiffxx0_3.7.2-4_i386.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _i386.deb

Debian libtiffxx0_3.7.2-4_ia64.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _ia64.deb

Debian libtiffxx0_3.7.2-4_m68k.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _m68k.deb

Debian libtiffxx0_3.7.2-4_mips.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _mips.deb

Debian libtiffxx0_3.7.2-4_mipsel.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _mipsel.deb

Debian libtiffxx0_3.7.2-4_powerpc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _powerpc.deb

Debian libtiffxx0_3.7.2-4_s390.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _s390.deb

Debian libtiffxx0_3.7.2-4_sparc.deb
http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0_3.7.2-4 _sparc.deb

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

LibTIFF LibTIFF 3.8

LibTIFF tiff-3.8.2.tar.gz
ftp://ftp.remotesensing.org/pub/libtiff/tiff-3.8.2.tar.gz

References

LibTiff TIFFToRGB Denial of Service Vulnerability

References:

ASA-2006-119 - libtiff security update (RHSA-2006-0425) (Avaya)
Bugzilla Bug 1065 CRASH in TIFFXYZToRGB() when XYZ > white point. (Jean-Dominique Gascuel)
Bugzilla Bug 189974 �?? CVE-2006-2120 libtiff DoS (Josh Bressers)
LibTIFF Homepage (LibTIFF)
RHSA-2006:0425-5 - libtiff security update (RedHat)