CVE-2006-3464

Severity

75%

Complexity

99%

Confidentiality

106%

TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-08-03 01:04:00

Last updated 7 years ago

2017-10-11 01:31:00

Affected Software

LibTIFF

References

20060801-01-P

20060901-01-P

Patch

2006-0044

21274

Vendor Advisory

21290

Vendor Advisory

21304

Vendor Advisory

21319

Vendor Advisory

21334

Vendor Advisory

21338

Vendor Advisory

21346

Vendor Advisory

21370

Vendor Advisory

21392

Vendor Advisory

21501

Vendor Advisory

21537

Vendor Advisory

21598

Vendor Advisory

21632

Vendor Advisory

22036

Vendor Advisory

27832

Vendor Advisory

1016628

SSA:2006-230

103160

201331

http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm

DSA-1137

Patch, Vendor Advisory

GLSA-200608-07

MDKSA-2006:136

MDKSA-2006:137

SUSE-SA:2006:044

RHSA-2006:0603

Vendor Advisory

RHSA-2006:0648

Vendor Advisory

19286

USN-330-1

ADV-2006-3105

Vendor Advisory

ADV-2007-4034

Vendor Advisory

https://issues.rpath.com/browse/RPL-558

oval:org.mitre.oval:def:10916

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.