CVE-2006-3459

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 3.8.2 Adobe Reader version 9.3.0 kdegraphics versions 2.2.2 and 3.1.3 kdegraphics-devel versions 2.2.2 and 3.1.3 libtiff-devel (affected versions not specified) libtiff-64bit (affected versions not specified) libtiff-devel-64bit (affected versions not specified) libtiff-devel-32bit (affected versions not specified) libtiff-32bit (affected versions not specified) libtiffxx0 (affected versions not specified) tiff versions prior to 3.8.2-r2

Description Multiple stack-based buffer overflows in the TIFF library allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir count value in the TIFFFetchShortPair function in tif dirread.c. The vulnerability can be exploited remotely, potentially leading to disruption of confidentiality, integrity, and availability of protected information.

Recommendations For libtiff versions prior to 3.8.2, update to version 3.8.2 or later. For Adobe Reader version 9.3.0, update to a newer version that includes the fix for this issue. For kdegraphics versions 2.2.2 and 3.1.3, update to a newer version that includes the fix for this issue. For kdegraphics-devel versions 2.2.2 and 3.1.3, update to a newer version that includes the fix for this issue. For libtiff-devel, libtiff-64bit, libtiff-devel-64bit, libtiff-devel-32bit, libtiff-32bit, and libtiffxx0, update to a version that includes the fix for this issue, as the affected versions are not specified. For tiff versions prior to 3.8.2-r2, update to version 3.8.2-r2 or later. As a temporary workaround, consider disabling the TIFFFetchShortPair function in tif dirread.c until a patch is available.