CVE-2006-3461
Published 2006-08-03
Priority: P336 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 4.91% (91.0th percentile)
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.8.2-6 (bookworm) | tiff 3.8.2-6 (bookworm) |
| libtiff | libtiff | <= 3.8.1 | — |
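CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |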
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2006-08-03
CVE-2006-3459 tiff vulnerabilities
Tavis Ormandy discovered that the TIFF library did not sufficiently
check handled images for validity. By tricking a user or an automated
system into processing a specially crafted TIFF image, an attacker
could exploit these weaknesses to execute arbitrary code with the
target application's privileges.
This library is used in many client and server applications, thus you
should reboot your computer after the upgrade to ensure that all
running programs use the new version of the library.
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
vendor_redhat·2006-08-01·CVSS 7.5
CVE-2006-3463 [HIGH] Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
vendor_redhat·2006-08-01·CVSS 7.5
CVE-2006-3462 [HIGH] Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
vendor_redhat·2006-08-01·CVSS 7.5
CVE-2006-3464 [HIGH] Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
vendor_redhat·2006-08-01·CVSS 7.5
CVE-2006-3465 [HIGH] Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
vendor_redhat·2006-08-01·CVSS 7.5
CVE-2006-3460 [HIGH] Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
vendor_redhat·2006-08-01·CVSS 7.5
CVE-2006-3461 [HIGH] Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
vendor_redhat·2006-08-01·CVSS 7.5
CVE-2006-3459 [HIGH] Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2006-3461: tiff - Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff)...
vendor_debian·2006·CVSS 7.5
CVE-2006-3461 [HIGH] CVE-2006-3461: tiff - Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff)...
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
Scope: local
bookworm: resolved (fixed in 3.8.2-6)
bullseye: resolved (fixed in 3.8.2-6)
forky: resolved (fixed in 3.8.2-6)
sid: resolved (fixed in 3.8.2-6)
trixie: resolved (fixed in 3.8.2-6)
GHSA
GHSA-45pc-wv4r-j445: Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3
ghsa_unreviewed·2022-05-03
CVE-2006-3461 [HIGH] GHSA-45pc-wv4r-j445: Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
OSV
CVE-2006-3461: Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3
osv·2006-08-03·CVSS 7.5
CVE-2006-3461 [HIGH] CVE-2006-3461: Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2006-3459 kfax affected by libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
bugzilla·2006-08-04·CVSS 7.5
CVE-2006-3459 [HIGH] CVE-2006-3459 kfax affected by libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
+++ This bug was initially created as a clone of Bug #199111 +++
From: Tavis Ormandy
(with edits from Mark Cox)
Hi there, Google have sponsored me to perform a security audit of
libtiff-3.8.2, in which a number of critical security flaws have been
uncovered. These flaws could be leveraged by an attacker to compromise
or disrupt any services that support the processing of tiff images.
Several buffer overflows have been discovered, including a stack
buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is
used to read two unsigned shorts from the input file. While a bounds
check is performed via CheckDirCount(), no action is taken on the
result all
Bugzilla
CVE-2006-3459 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
bugzilla·2006-07-17·CVSS 7.5
CVE-2006-3459 [HIGH] CVE-2006-3459 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
From: Tavis Ormandy
(with edits from Mark Cox)
Hi there, Google have sponsored me to perform a security audit of
libtiff-3.8.2, in which a number of critical security flaws have been
uncovered. These flaws could be leveraged by an attacker to compromise
or disrupt any services that support the processing of tiff images.
Several buffer overflows have been discovered, including a stack
buffer overflow via TIFFFetchShortPair() in tif_dirread.c, which is
used to read two unsigned shorts from the input file. While a bounds
check is performed via CheckDirCount(), no action is taken on the
result allowing a pathological tdir_count to read an arbitrary number
of unsigned sh