CVE-2006-0405

Name of the Vulnerable Software and Affected Versions: libtiff versions prior to 3.8.1

Description: The issue affects the tiff package in Gentoo Linux, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely by an authenticated attacker. Specifically, the TIFFFetchShortPair function in tif dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference.

Recommendations: For versions prior to 3.8.1, update to version 3.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to TIFF images from untrusted sources to minimize the risk of exploitation.