CVE-2006-2024

libtiff < 3.8.1 - Denial of Service via TIFF Image Parsing Errors

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2024. PoCs published by Tavis Ormandy.

AI-analyzed exploit summary: The exploit consists of malformed TIFF files designed to trigger denial-of-service vulnerabilities in LibTIFF. These files cause crashes or hangs in applications using the library due to improper handling of TIFF tags or structures.

Description

Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; and (3) improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tavis Ormandy · text · dos · linux
https://www.exploit-db.com/exploits/27762

Classification
Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: LibTIFF (versions affected by CVE-2006-2024)
No auth needed
Prerequisites: Access to deliver malformed TIFF files to the target application
devstral-2 · analyzed Feb 16, 2026

References (28)

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26133
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19851
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1563
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20210
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19949
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/277-1/
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200605-17.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20667
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9893
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19936
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19964
Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201332-1
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2006/0024
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20345
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1054
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0425.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19838
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20021
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:082
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19897
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20023
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_04_28.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17730

Scores

EPSS 0.0865
EPSS Percentile 94.4%

Details

Status published
Products (13)
libtiff/libtiff 3.4
libtiff/libtiff 3.5.1
libtiff/libtiff 3.5.2
libtiff/libtiff 3.5.3
libtiff/libtiff 3.5.4
libtiff/libtiff 3.5.5
libtiff/libtiff 3.5.6
libtiff/libtiff 3.5.7
libtiff/libtiff 3.6.0
libtiff/libtiff 3.6.1
... and 3 more
Published Apr 25, 2006
Tracked Since Feb 18, 2026