CVE-2006-2026

EPSS 10.3%

Published: 4/25/2006Modified: 4/28/2026

Description

Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions."

Affected packages (1)

Debian/tifffrom 0, < 3.8.1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2006-2026