CVE-2006-3465

Published: 03/08/2006 Updated: 11/10/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) prior to 3.8.2 allows remote malicious users to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.

Vulnerable Product

libtiff libtiff

Vendor Advisories

Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking a user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application’s privileges ...
Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2006-3459: Several stack-buffer overflows have been discovered. CVE-2006-3460: A heap overflow vulnerability in the JPEG decoder may overrun a buffer with more da ...
