Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3459

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3459
Last Modified 06 Sep 2011 12:00:00
Published 02 Aug 2006 09:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3459

Summary

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Vulnerable Systems

Application

  • Libtiff 3.4

  • Libtiff 3.5.1

  • Libtiff 3.5.2

  • Libtiff 3.5.3

  • Libtiff 3.5.4

  • Libtiff 3.5.5

  • Libtiff 3.5.6

  • Libtiff 3.5.7

  • Libtiff 3.6.0

  • Libtiff 3.6.1

  • Libtiff 3.7.0

  • Libtiff 3.7.1

  • Libtiff 3.7.2

  • Libtiff 3.7.3

  • Libtiff 3.7.4

  • Libtiff 3.8.0

  • Libtiff 3.8.1


References

CERT - TA06-214A

DEBIAN - DSA-1137

CONFIRM - https://issues.rpath.com/browse/RPL-558

VUPEN - ADV-2007-4034

VUPEN - ADV-2007-3486

VUPEN - ADV-2006-3105

VUPEN - ADV-2006-3101

UBUNTU - USN-330-1

BID - 19289

BID - 19283

REDHAT - RHSA-2006:0648

REDHAT - RHSA-2006:0603

OSVDB - 27723

SUSE - SUSE-SA:2006:044

MANDRIVA - MDKSA-2006:137

MANDRIVA - MDKSA-2006:136

GENTOO - GLSA-200608-07

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm

SUNALERT - 201331

SUNALERT - 103160

SLACKWARE - SSA:2006-230

SLACKWARE - SSA:2006-230-01

SECTRACK - 1016671

SECTRACK - 1016628

MISC - http://secunia.com/blog/76

SECUNIA - 27832

SECUNIA - 27222

SECUNIA - 27181

SECUNIA - 22036

SECUNIA - 21632

SECUNIA - 21598

SECUNIA - 21537

SECUNIA - 21501

SECUNIA - 21392

SECUNIA - 21370

SECUNIA - 21346

SECUNIA - 21338

SECUNIA - 21334

SECUNIA - 21319

SECUNIA - 21304

SECUNIA - 21290

SECUNIA - 21274

SECUNIA - 21253

TRUSTIX - 2006-0044

APPLE - APPLE-SA-2006-08-01

SGI - 20060901-01-P

SGI - 20060801-01-P

Related Patches

Apple 2006-08-01 Security Update 2006-004 Mac OS X 10.4.7 Client (PPC)

Apple 2006-08-01 Security Update 2006-004 Mac OS X 10.4.7 Client (Intel)


Last Updated: 27 May 2016 10:43:01