Vulnerability Details : CVE-2006-3460
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
Vulnerability category: Overflow; Execute code; Denial of service
Products affected by CVE-2006-3460
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3460
EPSS score: 1.95% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~87% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2006-3460
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2006-3460
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. (Assigned by: nvd@nist.gov, Primary)
Vendor statements for CVE-2006-3460
- Red Hat (2007-03-14): Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2006-3460
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
- http://www.redhat.com/support/errata/RHSA-2006-0603.html (Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265
- http://www.vupen.com/english/advisories/2006/3105 (Vendor Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml, "libTIFF: Multiple vulnerabilities (GLSA 200608-07)"
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 (Mandriva)
- http://lwn.net/Alerts/194228/, "Trustix alert TSLSA-2006-0044 (apache, gnupg, libtiff)"
- http://www.vupen.com/english/advisories/2007/4034 (Vendor Advisory)
- http://www.ubuntu.com/usn/usn-330-1, "USN-330-1: tiff vulnerabilities"
- https://issues.rpath.com/browse/RPL-558
- http://www.vupen.com/english/advisories/2007/3486 (Vendor Advisory)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
- http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
- ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
- http://www.securityfocus.com/bid/19288
- http://securitytracker.com/id?1016628
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 (Mandriva)
- http://www.securityfocus.com/bid/19289
- http://www.vupen.com/english/advisories/2006/3101 (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2006-0648.html (Vendor Advisory)
- http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm, "ASA-2006-166 (RHSA-2006-0603)"
- http://www.debian.org/security/2006/dsa-1137, "[SECURITY] [DSA 1137-1] New tiff packages fix several vulnerabilities" (Patch; Vendor Advisory)