Vulnerability DatabaseCVE-2006-3464
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-3464
August 03, 2006
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
Related ResourcesĀ (36)
http://www.securityfocus.com/bid/19286
http://secunia.com/advisories/21319
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
http://secunia.com/advisories/21346
http://www.redhat.com/support/errata/RHSA-2006-0603.html
http://secunia.com/advisories/21392
http://secunia.com/advisories/21370
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
http://secunia.com/advisories/21537
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://www.vupen.com/english/advisories/2006/3105
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
http://www.vupen.com/english/advisories/2007/4034
http://secunia.com/advisories/21334
http://secunia.com/advisories/21598
http://www.ubuntu.com/usn/usn-330-1
http://lwn.net/Alerts/194228/
http://secunia.com/advisories/22036
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
http://securitytracker.com/id?1016628
http://secunia.com/advisories/21501
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
http://www.redhat.com/support/errata/RHSA-2006-0648.html
http://www.debian.org/security/2006/dsa-1137
http://secunia.com/advisories/21290
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
http://secunia.com/advisories/21304
http://secunia.com/advisories/21632
https://issues.rpath.com/browse/RPL-558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10916
http://secunia.com/advisories/21274
http://secunia.com/advisories/21338
http://secunia.com/advisories/27832
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
1.26