Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3463

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2006-3463
Last Modified 10 Jun 2011 12:00:00
Published 02 Aug 2006 09:04:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3463

Summary

The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.

Vulnerable Systems

Application

  • Libtiff 3.8.1


References

DEBIAN - DSA-1137

CONFIRM - https://issues.rpath.com/browse/RPL-558

VUPEN - ADV-2007-4034

VUPEN - ADV-2007-3486

VUPEN - ADV-2006-3105

UBUNTU - USN-330-1

BID - 19284

REDHAT - RHSA-2006:0648

REDHAT - RHSA-2006:0603

SUSE - SUSE-SA:2006:044

MANDRIVA - MDKSA-2006:137

MANDRIVA - MDKSA-2006:136

GENTOO - GLSA-200608-07

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm

SUNALERT - 201331

SUNALERT - 103160

SLACKWARE - SSA:2006-230

SECTRACK - 1016628

SECUNIA - 27832

SECUNIA - 27222

SECUNIA - 27181

SECUNIA - 22036

SECUNIA - 21632

SECUNIA - 21598

SECUNIA - 21537

SECUNIA - 21501

SECUNIA - 21392

SECUNIA - 21370

SECUNIA - 21346

SECUNIA - 21338

SECUNIA - 21334

SECUNIA - 21319

SECUNIA - 21304

SECUNIA - 21290

SECUNIA - 21274

TRUSTIX - 2006-0044

SGI - 20060901-01-P

SGI - 20060801-01-P

SLACKWARE - SSA:2006-230-01


Last Updated: 27 May 2016 10:44:52