Stack-based buffer overflow in LibTIFF



Updated: 2020-07-24
Risk: Medium
Patch available: No
Number of vulnerabilities: 1
CVE-ID: CVE-2006-3459
CWE-ID: CWE-121
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available.
Vulnerable software: LibTIFF (Universal components / Libraries / Libraries used by multiple products)
Vendor: LibTIFF

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Stack-based buffer overflow

EUVDB-ID: #VU31846

Risk: Medium

CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2006-3459

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
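The class of boundary error described above, shown as an added example that is not LibTIFF's code and not taken from this bulletin: an unchecked count field driving writes into a two-element stack array, next to a form that validates the entry first. The struct layout, function names and sample bytes are hypothetical; only the field name tdir_count comes from the description.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified directory entry; only tdir_count is named in the advisory. */
typedef struct {
    uint16_t tdir_type;   /* value type (3 = SHORT in the TIFF format) */
    uint32_t tdir_count;  /* number of values, read from the untrusted file */
    uint32_t tdir_offset; /* where the values start in the file buffer */
} dir_entry;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* UNSAFE pattern: trusts tdir_count while filling a two-element stack array. */
int fetch_pair_unsafe(const uint8_t *file, const dir_entry *d, uint16_t out[2])
{
    uint16_t v[2];
    for (uint32_t i = 0; i < d->tdir_count; i++)  /* writes past v[] when count > 2 */
        v[i] = le16(file + d->tdir_offset + 2u * i);
    out[0] = v[0];
    out[1] = v[1];
    return 1;
}

/* Hardened form: validate count, type and offset before touching the buffer. */
int fetch_pair_checked(const uint8_t *file, size_t file_len,
                       const dir_entry *d, uint16_t out[2])
{
    uint16_t v[2];
    if (d->tdir_type != 3 || d->tdir_count != 2)
        return 0;  /* a pair is exactly two SHORT values */
    if (d->tdir_offset > file_len || file_len - d->tdir_offset < sizeof v)
        return 0;  /* both values must lie inside the file */
    for (uint32_t i = 0; i < 2; i++)
        v[i] = le16(file + d->tdir_offset + 2u * i);
    out[0] = v[0];
    out[1] = v[1];
    return 1;
}

/* Constructed sample "file": the SHORT values 1, 2, 3, 4 in little-endian order. */
const uint8_t sample_file[8] = {1, 0, 2, 0, 3, 0, 4, 0};

int main(void)
{
    dir_entry oversized = {3, 1000, 0};  /* constructed entry with an inflated count */
    uint16_t out[2];
    return fetch_pair_checked(sample_file, sizeof sample_file, &oversized, out);
}
```

The checked function returns 0 for the oversized entry, so the program exits with status 0; requiring a count of exactly 2 is this example's choice of policy.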

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

LibTIFF: 1:6.0p1-4+deb7u4

External links

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
https://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
https://lwn.net/Alerts/194228/
https://secunia.com/advisories/21253
https://secunia.com/advisories/21274
https://secunia.com/advisories/21290
https://secunia.com/advisories/21304
https://secunia.com/advisories/21319
https://secunia.com/advisories/21334
https://secunia.com/advisories/21338
https://secunia.com/advisories/21346
https://secunia.com/advisories/21370
https://secunia.com/advisories/21392
https://secunia.com/advisories/21501
https://secunia.com/advisories/21537
https://secunia.com/advisories/21598
https://secunia.com/advisories/21632
https://secunia.com/advisories/22036
https://secunia.com/advisories/27181
https://secunia.com/advisories/27222
https://secunia.com/advisories/27832
https://secunia.com/blog/76
https://securitytracker.com/id?1016628
https://securitytracker.com/id?1016671
https://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
https://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
https://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
https://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
https://www.debian.org/security/2006/dsa-1137
https://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
https://www.mandriva.com/security/advisories?name=MDKSA-2006:136
https://www.mandriva.com/security/advisories?name=MDKSA-2006:137
https://www.novell.com/linux/security/advisories/2006_44_libtiff.html
https://www.osvdb.org/27723
https://www.redhat.com/support/errata/RHSA-2006-0603.html
https://www.redhat.com/support/errata/RHSA-2006-0648.html
https://www.securityfocus.com/bid/19283
https://www.securityfocus.com/bid/19289
https://www.ubuntu.com/usn/usn-330-1
https://www.us-cert.gov/cas/techalerts/TA06-214A.html
https://www.vupen.com/english/advisories/2006/3101
https://www.vupen.com/english/advisories/2006/3105
https://www.vupen.com/english/advisories/2007/3486
https://www.vupen.com/english/advisories/2007/4034
https://issues.rpath.com/browse/RPL-558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.


