Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-3459 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer16 documents9 sources

Severity

7.5HIGHNVD

EPSS

66.5%

top 1.46%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Debian Tiff Libtiff

Timeline

PublishedAug 3

Latest updateMay 3

Description

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDlibtiff/libtiff3.8.1+16

▶debiandebian/tiff< tiff 3.8.2-6 (bookworm)

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-m9p7-26x3-qmg3: Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3↗2022-05-03

▶

OSV

CVE-2006-3459: Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3↗2006-08-03

▶

💥Exploits & PoCs

Exploit-DB

Apple iOS Mobile Safari - LibTIFF Buffer Overflow (Metasploit)↗2012-10-09

▶

Exploit-DB

Apple iOS Mobile Mail - LibTIFF Buffer Overflow (Metasploit)↗2012-10-09

▶

Exploit-DB

Apple iPhone MobileSafari LibTIFF - 'email' Remote Buffer Overflow (Metasploit) (2)↗2010-09-20

▶

Exploit-DB

iPhone MobileMail - LibTIFF Buffer Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

Apple iPhone MobileSafari LibTIFF - 'browser' Remote Buffer Overflow (Metasploit) (1)↗2010-09-20

▶

📋Vendor Advisories

Ubuntu

tiff vulnerabilities↗2006-08-03

▶

Red Hat

Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)↗2006-08-01

▶

Debian

CVE-2006-3459: tiff - Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2...↗2006

▶

💬Community

Bugzilla

CVE-2006-3459 kfax affected by libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)↗2006-08-04

▶

Bugzilla

CVE-2006-3459 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)↗2006-07-17

▶