TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Libtiff
  • Libtiff

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
References
Link Resource
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc Patch
http://lwn.net/Alerts/194228/
http://secunia.com/advisories/21274 Vendor Advisory
http://secunia.com/advisories/21290 Vendor Advisory
http://secunia.com/advisories/21304 Vendor Advisory
http://secunia.com/advisories/21319 Vendor Advisory
http://secunia.com/advisories/21334 Vendor Advisory
http://secunia.com/advisories/21338 Vendor Advisory
http://secunia.com/advisories/21346 Vendor Advisory
http://secunia.com/advisories/21370 Vendor Advisory
http://secunia.com/advisories/21392 Vendor Advisory
http://secunia.com/advisories/21501 Vendor Advisory
http://secunia.com/advisories/21537 Vendor Advisory
http://secunia.com/advisories/21598 Vendor Advisory
http://secunia.com/advisories/21632 Vendor Advisory
http://secunia.com/advisories/22036 Vendor Advisory
http://secunia.com/advisories/27832 Vendor Advisory
http://securitytracker.com/id?1016628
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
http://www.debian.org/security/2006/dsa-1137 Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
http://www.redhat.com/support/errata/RHSA-2006-0603.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2006-0648.html Vendor Advisory
http://www.securityfocus.com/bid/19286
http://www.ubuntu.com/usn/usn-330-1
http://www.vupen.com/english/advisories/2006/3105 Vendor Advisory
http://www.vupen.com/english/advisories/2007/4034 Vendor Advisory
https://issues.rpath.com/browse/RPL-558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2006-08-03T01:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2006-07-10T00:00:00

Link: CVE-2006-3464

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-08-03T01:04:00.000

Modified: 2017-10-11T01:31:03.173

Link: CVE-2006-3464

JSON object: View

cve-icon Redhat Information

No data.

CWE