CVE - CVE-2006-3464

CVE-ID
CVE-2006-3464	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19286 URL:http://www.securityfocus.com/bid/19286 CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm CONFIRM:https://issues.rpath.com/browse/RPL-558 DEBIAN:DSA-1137 URL:http://www.debian.org/security/2006/dsa-1137 GENTOO:GLSA-200608-07 URL:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml MANDRIVA:MDKSA-2006:136 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:136~~ (Obsolete source) MANDRIVA:MDKSA-2006:137 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:137~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10916 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916 REDHAT:RHSA-2006:0603 URL:http://www.redhat.com/support/errata/RHSA-2006-0603.html REDHAT:RHSA-2006:0648 URL:http://www.redhat.com/support/errata/RHSA-2006-0648.html SECTRACK:1016628 URL:http://securitytracker.com/id?1016628 SECUNIA:21274 URL:http://secunia.com/advisories/21274 SECUNIA:21290 URL:http://secunia.com/advisories/21290 SECUNIA:21304 URL:http://secunia.com/advisories/21304 SECUNIA:21319 URL:http://secunia.com/advisories/21319 SECUNIA:21334 URL:http://secunia.com/advisories/21334 SECUNIA:21338 URL:http://secunia.com/advisories/21338 SECUNIA:21346 URL:http://secunia.com/advisories/21346 SECUNIA:21370 URL:http://secunia.com/advisories/21370 SECUNIA:21392 URL:http://secunia.com/advisories/21392 SECUNIA:21501 URL:http://secunia.com/advisories/21501 SECUNIA:21537 URL:http://secunia.com/advisories/21537 SECUNIA:21598 URL:http://secunia.com/advisories/21598 SECUNIA:21632 URL:http://secunia.com/advisories/21632 SECUNIA:22036 URL:http://secunia.com/advisories/22036 SECUNIA:27832 URL:http://secunia.com/advisories/27832 SGI:20060801-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P SGI:20060901-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc SLACKWARE:SSA:2006-230-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 SUNALERT:103160 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1~~ (Obsolete source) SUNALERT:201331 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1~~ (Obsolete source) SUSE:SUSE-SA:2006:044 URL:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html TRUSTIX:2006-0044 URL:http://lwn.net/Alerts/194228/ UBUNTU:USN-330-1 URL:http://www.ubuntu.com/usn/usn-330-1 VUPEN:ADV-2006-3105 URL:~~http://www.vupen.com/english/advisories/2006/3105~~ (Obsolete source) VUPEN:ADV-2007-4034 URL:~~http://www.vupen.com/english/advisories/2007/4034~~ (Obsolete source)
Assigning CNA
Red Hat, Inc.
Date Record Created
20060710	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060710)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)