Vulnerability Name:

CVE-2006-3459 (CCN-28150)

Assigned:2006-08-01
Published:2006-08-01
Updated:2017-10-11
Summary:Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20060801-01-P

Source: SGI
Type: UNKNOWN
20060901-01-P

Source: CCN
Type: BugTraq Mailing List, Tue Aug 01 2006 - 17:40:12 CDT
rPSA-2006-0142-1 libtiff

Source: MITRE
Type: CNA
CVE-2006-3459

Source: CCN
Type: Apple Security Update 2006-004
About Security Update 2006-004

Source: CCN
Type: Apple Security Update 2006-004 for Mac Pro
About Security Update 2006-004 for Mac Pro

Source: CCN
Type: Apple Web site
About the security content of iPhone v1.1.2 and iPod Touch v1.1.2 Updates

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-08-01

Source: TRUSTIX
Type: UNKNOWN
2006-0044

Source: CCN
Type: RHSA-2006-0603
libtiff security update

Source: CCN
Type: RHSA-2006-0648
kdegraphics security update

Source: CCN
Type: SA21253
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21253

Source: SECUNIA
Type: Vendor Advisory
21274

Source: SECUNIA
Type: UNKNOWN
21290

Source: CCN
Type: SA21304
libTIFF Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21304

Source: SECUNIA
Type: Vendor Advisory
21319

Source: SECUNIA
Type: Vendor Advisory
21334

Source: SECUNIA
Type: Vendor Advisory
21338

Source: SECUNIA
Type: Vendor Advisory
21346

Source: SECUNIA
Type: Vendor Advisory
21370

Source: SECUNIA
Type: Vendor Advisory
21392

Source: CCN
Type: SA21501
Avaya Products libTIFF Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
21501

Source: SECUNIA
Type: Vendor Advisory
21537

Source: SECUNIA
Type: Vendor Advisory
21598

Source: SECUNIA
Type: Vendor Advisory
21632

Source: SECUNIA
Type: Vendor Advisory
22036

Source: CCN
Type: SA27181
Sun Solaris libtiff Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27181

Source: CCN
Type: SA27222
Sun Solaris libtiff Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27222

Source: CCN
Type: SA27832
Sun Solaris libTIFF Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27832

Source: MISC
Type: Vendor Advisory
http://secunia.com/blog/76

Source: CCN
Type: SECTRACK ID: 1016628
LibTIFF Multiple Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016628

Source: CCN
Type: SECTRACK ID: 1016671
(Apple Issues Fix for Mac Pro) LibTIFF Multiple Bugs Let Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1016671

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-230

Source: CCN
Type: Sun Alert ID: 103099
Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3)

Source: CCN
Type: Sun Alert ID: 103160
Security Vulnerabilities in libtiff(3) May Allow Denial of Service (DoS) or Privilege Elevation

Source: SUNALERT
Type: UNKNOWN
103160

Source: SUNALERT
Type: UNKNOWN
201331

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm

Source: CCN
Type: ASA-2006-166
libtiff security update (RHSA-2006-0603)

Source: CCN
Type: ASA-2006-207
kdegraphics security update (RHSA-2006-0648)

Source: CCN
Type: ASA-2007-440
Multiple Security Vulnerabilities in the Solaris Tag Image File Format Library libtiff(3) (Sun 103099)

Source: CCN
Type: ASA-2007-509
Security Vulnerabilities in libtiff(3) May Allow Denial of Service (DoS) or Privilege Elevation (Sun 103160)

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-1137

Source: DEBIAN
Type: DSA 1137-1
tiff -- several vulnerabilities

Source: DEBIAN
Type: DSA-1137
tiff -- several vulnerabilities

Source: CCN
Type: GLSA-200608-07
libTIFF: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200608-07

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:136

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:137

Source: SUSE
Type: UNKNOWN
SUSE-SA:2006:044

Source: OSVDB
Type: UNKNOWN
27723

Source: CCN
Type: OSVDB ID: 27723
LibTIFF tif_dirread.c TIFFFetchShortPair Function Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0603

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0648

Source: CCN
Type: LibTIFF Web page
LibTIFF - TIFF Library and Utilities

Source: BID
Type: UNKNOWN
19283

Source: CCN
Type: BID-19283
LibTIFF TiffFetchShortPair Remote Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
19289

Source: CCN
Type: BID-19289
Apple Mac OS X Multiple Security Vulnerabilities

Source: CCN
Type: USN-330-1
tiff vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-330-1

Source: CERT
Type: US Government Resource
TA06-214A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3101

Source: VUPEN
Type: Vendor Advisory
ADV-2006-3105

Source: VUPEN
Type: Vendor Advisory
ADV-2007-3486

Source: VUPEN
Type: Vendor Advisory
ADV-2007-4034

Source: XF
Type: UNKNOWN
libtiff-tifffetchshortpair-bo(28150)

Source: CONFIRM
Type: UNKNOWN
https://issues.rpath.com/browse/RPL-558

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11497

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-11-2012]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [10-09-2012]

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [08-01-2006]
Apple iOS MobileSafari LibTIFF Buffer Overflow

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [08-01-2006]
Apple iOS MobileMail LibTIFF Buffer Overflow

Source: SUSE
Type: SUSE-SA:2006:044
Libtiff integer overflows

Vulnerable Configuration:Configuration 1:
  • cpe:/a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:libtiff:libtiff:*:*:*:*:*:*:*:* (Version <= 3.8.1)
  • AND
  • cpe:/a:adobe:acrobat_reader:9.3.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

  • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:5.10:*:*:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/a:rpath:rpath_linux:1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006::x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20063459
    V
    CVE-2006-3459
    2015-11-16
    oval:org.mitre.oval:def:11497
    V
    Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
    2013-04-29
    oval:com.redhat.rhsa:def:20060603
    P
    RHSA-2006:0603: libtiff security update (Important)
    2008-03-20
    oval:com.redhat.rhsa:def:20060648
    P
    RHSA-2006:0648: kdegraphics security update (Moderate)
    2008-03-20
    oval:org.debian:def:1137
    V
    several vulnerabilities
    2006-08-02
    BACK
    libtiff libtiff 3.4
    libtiff libtiff 3.4 beta18
    libtiff libtiff 3.4 beta24
    libtiff libtiff 3.4 beta28
    libtiff libtiff 3.4 beta29
    libtiff libtiff 3.4 beta31
    libtiff libtiff 3.4 beta32
    libtiff libtiff 3.4 beta34
    libtiff libtiff 3.4 beta35
    libtiff libtiff 3.4 beta36
    libtiff libtiff 3.4 beta37
    libtiff libtiff 3.5.1
    libtiff libtiff 3.5.2
    libtiff libtiff 3.5.3
    libtiff libtiff 3.5.4
    libtiff libtiff 3.5.5
    libtiff libtiff 3.5.6
    libtiff libtiff 3.5.6 beta
    libtiff libtiff 3.5.7
    libtiff libtiff 3.5.7 alpha
    libtiff libtiff 3.5.7 alpha2
    libtiff libtiff 3.5.7 alpha3
    libtiff libtiff 3.5.7 alpha4
    libtiff libtiff 3.5.7 beta
    libtiff libtiff 3.6.0
    libtiff libtiff 3.6.0 beta
    libtiff libtiff 3.6.0 beta2
    libtiff libtiff 3.6.1
    libtiff libtiff 3.7.0
    libtiff libtiff 3.7.0 alpha
    libtiff libtiff 3.7.0 beta
    libtiff libtiff 3.7.0 beta2
    libtiff libtiff 3.7.1
    libtiff libtiff 3.7.2
    libtiff libtiff 3.7.3
    libtiff libtiff 3.7.4
    libtiff libtiff 3.8.0
    libtiff libtiff *
    adobe acrobat reader 9.3.0
    sun solaris 8
    gentoo linux -
    suse linux enterprise server 8
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    sun solaris 8
    sun solaris 9
    redhat enterprise linux 3
    suse suse linux 9.2
    suse suse linux 1.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    redhat enterprise linux 4
    debian debian linux 3.1
    mandrakesoft mandrake multi network firewall 2.0
    sun solaris 10
    sun solaris 10
    canonical ubuntu 5.10
    novell suse linux 10.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    rpath rpath linux 1
    canonical ubuntu 6.06
    novell suse linux 10.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux corporate server 3.0
    suse suse linux 9.3
    sun solaris 9