PT-2006-7530 · Libtiff+1 · Libtiff+1

Tavis Ormandy

Published

1970-01-01

Updated

2017-10-11

CVE-2006-3462

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libtiff versions prior to 3.8.2

Description The issue is related to a heap-based buffer overflow in the NeXT RLE decoder in the TIFF library. This might allow attackers to execute arbitrary code via unknown vectors involving decoding large RLE images. Multiple vulnerabilities in the libtiff package can lead to disruption of availability of protected information and can be exploited remotely.

Recommendations For libtiff versions prior to 3.8.2, update to version 3.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the TIFF library until a patch is available. Avoid using the NeXT RLE decoder in the TIFF library until the issue is resolved.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-00793

BDU:2015-04888

BDU:2015-04889

BDU:2015-04890

BDU:2015-04891

BDU:2015-04892

BDU:2015-04893

BDU:2015-04894

BDU:2015-06213

BDU:2015-06214

BDU:2015-06217

BDU:2015-06218

BDU:2015-09521

CVE-2006-3462

DSA-1137-1

RHSA-2006:0603

RHSA-2006:0648

RHSA-2006_0603

Affected Products

Red Hat

Libtiff

PT-2006-7530 · Libtiff+1 · Libtiff+1

CVE-2006-3462

Weakness Enumeration

Related Identifiers

Affected Products

References · 87