CVE-2006-3460

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 3.8.2 kdegraphics-2.2.2 kdegraphics-3.1.3 kdegraphics-devel-2.2.2 kdegraphics-devel-3.1.3

Description The issue involves multiple vulnerabilities in the libtiff and kdegraphics packages, which can lead to disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).

Recommendations For libtiff versions prior to 3.8.2, update to version 3.8.2 or later. For kdegraphics-2.2.2, kdegraphics-3.1.3, kdegraphics-devel-2.2.2, and kdegraphics-devel-3.1.3, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the vulnerable components until a patch is available. Avoid using the vulnerable packages until the issue is resolved.