Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-3464

Published: 03/08/2006 Updated: 11/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Libtiff

Vulnerability Summary

TIFF library (libtiff) prior to 3.8.2 allows context-dependent malicious users to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff

Vendor Advisories

Ubuntu Security Notice: tiff vulnerabilities
Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application’s privileges ...
Debian Security Advisories: DSA-1137-1 tiff -- several vulnerabilities
Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2006-3459 Several stack-buffer overflows have been discovered CVE-2006-3460 A heap overflow vulnerability in the JPEG decoder may overrun a buffer with more da ...

References

CWE-189http://www.debian.org/security/2006/dsa-1137http://www.securityfocus.com/bid/19286https://issues.rpath.com/browse/RPL-558http://www.redhat.com/support/errata/RHSA-2006-0603.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200608-07.xmlhttp://www.novell.com/linux/security/advisories/2006_44_libtiff.htmlhttp://www.ubuntu.com/usn/usn-330-1http://secunia.com/advisories/21370http://secunia.com/advisories/21274http://secunia.com/advisories/21290http://secunia.com/advisories/21334http://secunia.com/advisories/21392http://support.avaya.com/elmodocs2/security/ASA-2006-166.htmhttp://securitytracker.com/id?1016628http://secunia.com/advisories/21501http://secunia.com/advisories/21537http://www.redhat.com/support/errata/RHSA-2006-0648.htmlhttp://secunia.com/advisories/21632ftp://patches.sgi.com/support/free/security/advisories/20060801-01-Phttp://secunia.com/advisories/21598ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.aschttp://secunia.com/advisories/22036http://lwn.net/Alerts/194228/http://secunia.com/advisories/21304http://secunia.com/advisories/21319http://secunia.com/advisories/21338http://secunia.com/advisories/21346http://www.mandriva.com/security/advisories?name=MDKSA-2006:136http://www.mandriva.com/security/advisories?name=MDKSA-2006:137http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1http://secunia.com/advisories/27832http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1http://www.vupen.com/english/advisories/2007/4034http://www.vupen.com/english/advisories/2006/3105http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916https://nvd.nist.govhttps://usn.ubuntu.com/330-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook