Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-3459

Disclosure Date: August 03, 2006
CVE-2006-3459
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
exploit/apple_ios/browser/safari_libtiff
exploit/apple_ios/email/mobilemail_libtiff
Reporter
Unknown

Vendors

  • libtiff

Products

  • libtiff,
  • libtiff 3.4,
  • libtiff 3.5.1,
  • libtiff 3.5.2,
  • libtiff 3.5.3,
  • libtiff 3.5.4,
  • libtiff 3.5.5,
  • libtiff 3.5.6,
  • libtiff 3.5.7,
  • libtiff 3.6.0,
  • libtiff 3.6.1,
  • libtiff 3.7.0,
  • libtiff 3.7.1,
  • libtiff 3.7.2,
  • libtiff 3.7.3,
  • libtiff 3.7.4,
  • libtiff 3.8.0

References

Canonical
CVE-2006-3459 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459)
BID-19289 (http://www.securityfocus.com/bid/19289)
BID-19283 (http://www.securityfocus.com/bid/19283)
Advisory
APPLE-SA-2006-08-01 (http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html)
ADV-2007-3486 (http://www.vupen.com/english/advisories/2007/3486)
SECUNIA-21501 (http://secunia.com/advisories/21501)
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
SECUNIA-21537 (http://secunia.com/advisories/21537)
SECUNIA-21632 (http://secunia.com/advisories/21632)
GLSA-200608-07 (http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml)
SECUNIA-21338 (http://secunia.com/advisories/21338)
USN-330-1 (http://www.ubuntu.com/usn/usn-330-1)
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
ADV-2006-3101 (http://www.vupen.com/english/advisories/2006/3101)
SECTRACK-1016628 (http://securitytracker.com/id?1016628)
SECUNIA-21253 (http://secunia.com/advisories/21253)
DSA-1137 (http://www.debian.org/security/2006/dsa-1137)
SECUNIA-21370 (http://secunia.com/advisories/21370)
SECTRACK-1016671 (http://securitytracker.com/id?1016671)
SECUNIA-21598 (http://secunia.com/advisories/21598)
http://www.redhat.com/support/errata/RHSA-2006-0648.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
SECUNIA-27222 (http://secunia.com/advisories/27222)
ADV-2007-4034 (http://www.vupen.com/english/advisories/2007/4034)
TA06-214A (http://www.us-cert.gov/cas/techalerts/TA06-214A.html)
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
SECUNIA-21290 (http://secunia.com/advisories/21290)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497
SECUNIA-21274 (http://secunia.com/advisories/21274)
ADV-2006-3105 (http://www.vupen.com/english/advisories/2006/3105)
SECUNIA-27181 (http://secunia.com/advisories/27181)
http://www.redhat.com/support/errata/RHSA-2006-0603.html
SECUNIA-21304 (http://secunia.com/advisories/21304)
https://issues.rpath.com/browse/RPL-558
SECUNIA-27832 (http://secunia.com/advisories/27832)
SECUNIA-21346 (http://secunia.com/advisories/21346)
SUNALERT-201331 (http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1)
SECUNIA-21319 (http://secunia.com/advisories/21319)
SECUNIA-21392 (http://secunia.com/advisories/21392)
SECUNIA-21334 (http://secunia.com/advisories/21334)
SECUNIA-22036 (http://secunia.com/advisories/22036)
OSVDB-27723 (http://www.osvdb.org/27723)
SUNALERT-103160 (http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1)
Miscellaneous
http://secunia.com/blog/76
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
2006-0044 (http://lwn.net/Alerts/194228)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis