PT-2006-7530 · Libtiff+1 · Libtiff+1

Tavis Ormandy

Publicado

1970-01-01

Atualizado

2017-10-11

CVE-2006-3462

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 3.8.2

Description The issue is related to a heap-based buffer overflow in the NeXT RLE decoder in the TIFF library. This might allow attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. Multiple vulnerabilities in the libtiff package can lead to disruption of availability of protected information and can be exploited remotely.

Recommendations For libtiff versions prior to 3.8.2, update to version 3.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the TIFF library until a patch is available. Avoid using the NeXT RLE decoder in the TIFF library until the issue is resolved.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

BDU:2015-00793

BDU:2015-04888

BDU:2015-04889

BDU:2015-04890

BDU:2015-04891

BDU:2015-04892

BDU:2015-04893

BDU:2015-04894

BDU:2015-06213

BDU:2015-06214

BDU:2015-06217

BDU:2015-06218

BDU:2015-09521

CVE-2006-3462

DSA-1137-1

RHSA-2006:0603

RHSA-2006:0648

RHSA-2006_0603

Produtos afetados

Red Hat

Libtiff

PT-2006-7530 · Libtiff+1 · Libtiff+1

CVE-2006-3462

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 87