CVE-2006-2025

Name of the Vulnerable Software and Affected Versions kdegraphics versions 2.2.2 through 3.1.3 tiff versions prior to 3.8.1 libtiff3g versions prior to 3.8.1 libtiff3g-dev versions prior to 3.8.1

Description The issue involves multiple vulnerabilities in various packages, including kdegraphics, tiff, libtiff3g, and libtiff3g-dev, which can lead to disruptions in confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely, with some requiring authentication. The vulnerabilities are related to an integer overflow in the TIFFFetchData function in tif dirread.c for libtiff before 3.8.1, allowing context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.

Recommendations For kdegraphics versions 2.2.2 through 3.1.3, update to a version later than 3.1.3 to resolve the issue. For tiff versions prior to 3.8.1, update to version 3.8.1 or later to fix the vulnerability. For libtiff3g versions prior to 3.8.1, update to version 3.8.1 or later to resolve the issue. For libtiff3g-dev versions prior to 3.8.1, update to version 3.8.1 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the vulnerable packages until a patch is available.