CVE-2006-2024

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 3.8.1 kdegraphics versions 2.2.2 through 3.1.3 kdegraphics-devel versions 2.2.2 through 3.1.3 libtiff3g (affected versions not specified) libtiff3g-dev (affected versions not specified)

Description The issue involves multiple vulnerabilities in the libtiff and kdegraphics packages, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, with some requiring authentication. Technical details include errors in the TIFFFetchAnyArray function and improper restoration of setfield and getfield methods in cleanup functions within various files, such as tif jpeg.c, tif pixarlog.c, tif fax3.c, and tif zip.c.

Recommendations For libtiff versions prior to 3.8.1, update to version 3.8.1 or later. For kdegraphics versions 2.2.2 through 3.1.3, consider disabling vulnerable functions until a patch is available. For kdegraphics-devel versions 2.2.2 through 3.1.3, restrict access to vulnerable modules to minimize the risk of exploitation. For libtiff3g and libtiff3g-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.