The Third Party Vulnerability Resolution Blog covers CVEs and patches in the Systems product suite.

Sun Alert 103099 Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3)

Guest Author
Product: Solaris 9 Operating System, Solaris 10 Operating System, Solaris 8 Operating System

Multiple security vulnerabilities in the Solaris Tag Image File Format library (libtiff(3)) may allow a local or remote unprivileged user to crash applications that dynamically link to the "libtiff" library and execute arbitrary code with the privileges of a local user. The ability to crash an application that links to the "libtiff" library is a type of Denial of Service (DoS). Solaris ships several applications as part of the GNOME Desktop Environment that dynamically link with the "libtiff" library.

These issues are described in the following documents:

CVE-2006-2024 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2024

CVE-2006-2025 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2025

CVE-2006-2026 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2026

Sun acknowledges, with thanks, Tavis Ormandy from the Google Security Team for bringing these issues to our attention.

Avoidance: Patch, Workaround
State: Workaround
First released: 11-Oct-2007
