CVE-2006-3463Improper Restriction of Operations within the Bounds of a Memory Buffer in Tiff

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents7 sources
Severity
7.8HIGHNVD
EPSS
3.6%
top 12.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian TiffLibtiff
Timeline
PublishedAug 3
Latest updateMay 3

Description

The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDlibtiff/libtiff3.8.1
debiandebian/tiff< tiff 3.8.2-6 (bookworm)

Patches

Patch: www.debian.orgPatch: www.debian.org

🔴Vulnerability Details

2
GHSA
GHSA-5pjq-w2jx-2mpq: The EstimateStripByteCounts function in TIFF library (libtiff) before 32022-05-03
OSV
CVE-2006-3463: The EstimateStripByteCounts function in TIFF library (libtiff) before 32006-08-03

📋Vendor Advisories

9
Ubuntu
tiff vulnerabilities2006-08-03
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01

💬Community

2
Bugzilla
CVE-2006-3459 kfax affected by libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-04
Bugzilla
CVE-2006-3459 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-07-17