CVE-2006-3463

Name of the Vulnerable Software and Affected Versions kdegraphics versions 2.2.2 through 3.1.3 libtiff versions prior to 3.8.2 libtiff-devel versions prior to 3.8.2 libtiff-32bit versions prior to 3.8.2 libtiff-64bit versions prior to 3.8.2 libtiff-x86 versions prior to 3.8.2 libtiffxx0 versions prior to 3.8.2

Description The issue is related to multiple vulnerabilities in the libtiff package, which can lead to a denial of service. The EstimateStripByteCounts function in the TIFF library uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, allowing context-dependent attackers to cause a denial of service via a large td nstrips value, which triggers an infinite loop. The vulnerabilities can be exploited remotely.

Recommendations For kdegraphics versions 2.2.2 through 3.1.3, update to a version later than 3.1.3. For libtiff versions prior to 3.8.2, update to version 3.8.2 or later. For libtiff-devel versions prior to 3.8.2, update to version 3.8.2 or later. For libtiff-32bit versions prior to 3.8.2, update to version 3.8.2 or later. For libtiff-64bit versions prior to 3.8.2, update to version 3.8.2 or later. For libtiff-x86 versions prior to 3.8.2, update to version 3.8.2 or later. For libtiffxx0 versions prior to 3.8.2, update to version 3.8.2 or later.