CVE-2006-3464Tiff vulnerability

CWE-18916 documents7 sources
Severity
7.5HIGHNVD
NVD4.6
EPSS
1.3%
top 20.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian TiffLibtiffSony Playstation Portable
Timeline
PublishedAug 3
Latest updateMay 3

Description

TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDlibtiff/libtiff3.8.1
debiandebian/tiff< tiff 3.8.2-6 (bookworm)
NVDsony/playstation_portable9 versions+8

Patches

Patch: patches.sgi.comPatch: www.debian.orgPatch: patches.sgi.com

🔴Vulnerability Details

3
GHSA
GHSA-wwrj-m97w-2rrp: TIFF library (libtiff) before 32022-05-03
GHSA
GHSA-gqrr-x6f4-q53v: Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 22022-05-01
OSV
CVE-2006-3464: TIFF library (libtiff) before 32006-08-03

📋Vendor Advisories

9
Ubuntu
tiff vulnerabilities2006-08-03
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01
Red Hat
Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-01

💬Community

2
Bugzilla
CVE-2006-3459 kfax affected by libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-08-04
Bugzilla
CVE-2006-3459 Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)2006-07-17