PT-2006-7532 · Kde+2 · Kdegraphics+3
Tavis Ormandy · Published: 1970-01-01 · Updated: 2017-10-11 · CVE-2006-3464
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
libtiff versions prior to 3.8.2
kdegraphics versions 2.2.2 and 3.1.3
kdegraphics-devel versions 2.2.2 and 3.1.3
Description
The issue involves multiple vulnerabilities in the libtiff and kdegraphics packages, which can compromise the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, libtiff before version 3.8.2 is vulnerable to context-dependent attacks that pass numeric range checks, possibly execute code, and trigger assert errors. The vectors are large offset values in a TIFF directory that lead to an integer overflow, and other unspecified vectors involving "unchecked arithmetic operations".
Recommendations
For libtiff versions prior to 3.8.2, update to version 3.8.2 or later.
For kdegraphics versions 2.2.2 and 3.1.3, consider disabling the vulnerable components until a patch is available.
For kdegraphics-devel versions 2.2.2 and 3.1.3, consider disabling the vulnerable components until a patch is available.
As a temporary workaround, consider restricting access to the vulnerable modules to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Related identifiers
Affected products
Red Hat
Kdegraphics
Kdegraphics-Devel
Libtiff