exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2006-3459

Status Candidate

Overview

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Related Files

Zero Day Initiative Advisory 11-302
Posted Oct 26, 2011
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.

tags | advisory, remote, arbitrary
advisories | CVE-2006-3459, CVE-2011-2432
SHA-256 | fe46d7a57b0e88f1c4ee58713d2a9fcb8a6fd911ea38779a0a88cd29be04b5d1
Ubuntu Security Notice 330-1
Posted Aug 17, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-330-1 - Tavis Ormandy discovered that the TIFF library did not sufficiently check handled images for validity. By tricking an user or an automated system into processing a specially crafted TIFF image, an attacker could exploit these weaknesses to execute arbitrary code with the target application's privileges.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | 02e8f7a4c424124d22e17346178b9572a0ee2b0c30f9d6f5ea1a83396cac5441
Debian Linux Security Advisory 1137-1
Posted Aug 17, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1137-1 - Tavis Ormandy of the Google Security Team discovered several problems in the TIFF library.

tags | advisory
systems | linux, debian
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | 35dd59f756d92b64f5716ea63b858fac3d771b002aa63e45e87c38f2235d59ee
Mandriva Linux Security Advisory 2006.137
Posted Aug 17, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-137 - Tavis Ormandy, Google Security Team, has discovered several vulnerabilities in the libtiff image processing library.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | e76f9d9701f3ba6cb4b0952f13fee917025fdfaed8cd57eae5ad1df836cb0b1f
Mandriva Linux Security Advisory 2006.136
Posted Aug 17, 2006
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory MDKSA-2006-136 - Tavis Ormandy, Google Security Team, discovered several vulnerabilities the libtiff image processing library. Older versions of kdegraphics use an embedded copy of the libtiff code.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464
SHA-256 | 3bbf3a925c124d13b730b87a6f85b70e473d95635bce0807246f5170dec94594
SUSE-SA-2006-044.txt
Posted Aug 17, 2006
Site suse.com

SUSE Security Announcement SUSE-SA:2006:044 - This update of libtiff is the result of a source-code audit done by Tavis Ormandy, Google Security Team. It fixes various bugs that can lead to denial-of-service conditions as well as to remote code execution while parsing a tiff image provided by an attacker.

tags | advisory, remote, code execution
systems | linux, suse
advisories | CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465
SHA-256 | 6a33cbb63f8b28b041c9fe86b364e74bd2a3ac1255c40090586f0c51a9e70e23
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close