CVE-2006-3463 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-3463
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-3463

Description: The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-330-1 TRUSTIX http://lwn.net/Alerts/194228/ SUSE http://www.novell.com/linux/security/advisories/2006_44_libtiff.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-103099-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 ST 1016628 SLACKWARE http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600 SGI SAID Secunia Advisory: SA21304 Secunia Advisory: SA22036 Secunia Advisory: SA21598 Secunia Advisory: SA21632 Secunia Advisory: SA21537 Secunia Advisory: SA21501 Secunia Advisory: SA21392 Secunia Advisory: SA21334 Secunia Advisory: SA21290 Secunia Advisory: SA21370 Secunia Advisory: SA21274 Secunia Advisory: SA21319 Secunia Advisory: SA21338 Secunia Advisory: SA21346 Secunia Advisory: SA27181 Secunia Advisory: SA27222 Secunia Advisory: SA27832 REDHAT http://www.redhat.com/support/errata/RHSA-2006-0648.html http://www.redhat.com/support/errata/RHSA-2006-0603.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:137 http://www.mandriva.com/security/advisories?name=MDKSA-2006:136 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml DEBIAN http://www.debian.org/security/2006/dsa-1137 CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm BID 19284

Return to the previous page.