CVE-2006-3462

NeXT RLE decoder <3.8.2 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.

References (47)

Core 47

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3486

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-330-1

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3101

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2006-0648.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19289

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/4034

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA06-214A.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3105

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11301

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2006-0603.html

Vendor Advisory x_refsource_confirm

http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm

Issue Tracking x_refsource_confirm

https://issues.rpath.com/browse/RPL-558

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21501

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:136

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21537

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21632

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21338

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/27726

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016628

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21253

Patch, Vendor Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2006/dsa-1137

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21370

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016671

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21598

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2006:137

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27222

Vendor Advisory vendor-advisory x_refsource_suse

http://www.novell.com/linux/security/advisories/2006_44_libtiff.html

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21290

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21274

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27181

Vendor Advisory vendor-advisory x_refsource_sgi

ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21304

Vendor Advisory vendor-advisory x_refsource_slackware

http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600

Vendor Advisory x_refsource_misc

http://docs.info.apple.com/article.html?artnum=304063

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19282

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27832

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21346

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21319

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21392

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/21334

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/22036

Various Sources vendor-advisory x_refsource_trustix

http://lwn.net/Alerts/194228/

Vendor Advisory vendor-advisory x_refsource_sunalert

http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1

Scores

EPSS 0.0187

EPSS Percentile 83.4%

Details

CWE

CWE-119

Status published

Products (1)

libtiff/libtiff < 3.8.1

Published Aug 03, 2006

Tracked Since Feb 18, 2026