CVE-2006-3460
libtiff < 3.8.2 - Heap-Based Buffer Overflow via JPEG Stream
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
References (41)
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3486
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3101
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19289
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4034
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3105
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11265
Vendor Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21501
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21537
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21632
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21338
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-330-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016628
Patch, Vendor Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1137
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21370
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21598
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0648.html
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27222
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21290
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21274
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27181
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0603.html
Vendor Advisory vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21304
Vendor Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
Issue Tracking x_refsource_confirm
https://issues.rpath.com/browse/RPL-558
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27832
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21346
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21319
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21392
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21334
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19288
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22036
Various Sources vendor-advisory
x_refsource_trustix
http://lwn.net/Alerts/194228/
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
Scores
EPSS: 0.0083
EPSS Percentile: 74.9%
Details
CWE: CWE-119
Status: published
Products (1)
libtiff/libtiff: < 3.8.1
Published: Aug 03, 2006
Tracked Since: Feb 18, 2026