CVE-2006-3460Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.8%
top 25.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian TiffLibtiff
Timeline
PublishedAug 3
Latest updateMay 3

Description

Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDlibtiff/libtiff3.8.1
debiandebian/tiff< tiff 3.8.2-6 (bookworm)

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-f3pq-43cm-w3cf: Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 32022-05-03
OSV
CVE-2006-3460: Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 32006-08-03

📋Vendor Advisories

9
Ubuntu
tiff vulnerabilities2006-08-03
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01

💬Community

2
Bugzilla
CVE-2006-3459 kfax affected by libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-04
Bugzilla
CVE-2006-3459 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-07-17