exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2006-3459

Status Candidate

Overview

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Related Files

Zero Day Initiative Advisory 11-302
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2006-3459, CVE-2011-2432
SHA-256 | fe46d7a57b0e88f1c4ee58713d2a9fcb8a6fd911ea38779a0a88cd29be04b5d1
Download | Favorite | View
Ubuntu Security Notice 330-1
Posted Aug 17, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-330-1 - Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | 02e8f7a4c424124d22e17346178b9572a0ee2b0c30f9d6f5ea1a83396cac5441
Download | Favorite | View
Debian Linux Security Advisory 1137-1
Posted Aug 17, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1137-1 - Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library.

tags | advisory
systems | linux, debian
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | 35dd59f756d92b64f5716ea63b858fac3d771b002aa63e45e87c38f2235d59ee
Download | Favorite | View
Mandriva Linux Security Advisory 2006.137
Posted Aug 17, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-137 - Tavis Ormandy, Google Security Team, has discovered several vulnerabilities in the libtiff image processing library.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | e76f9d9701f3ba6cb4b0952f13fee917025fdfaed8cd57eae5ad1df836cb0b1f
Download | Favorite | View
Mandriva Linux Security Advisory 2006.136
Posted Aug 17, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-136 - Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library. Older versions of kdegraphics use an embedded copy of the libtiff code.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464
SHA-256 | 3bbf3a925c124d13b730b87a6f85b70e473d95635bce0807246f5170dec94594
Download | Favorite | View
SUSE-SA-2006-044.txt
Posted Aug 17, 2006
Site suse.com

SUSE Security Announcement SUSE-SA:2006:044 - This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker.

tags | advisory, remote, code execution
systems | linux, suse
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | 6a33cbb63f8b28b041c9fe86b364e74bd2a3ac1255c40090586f0c51a9e70e23
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close