Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1137-1 (tiff)
The remote host is missing an update to tiff
announced via advisory DSA 1137-1.

Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:


Several stack-buffer overflows have been discovered.


A heap overflow vulnerability in the JPEG decoder may overrun a
buffer with more data than expected.


A heap overflow vulnerability in the PixarLog decoder may allow an
attacker to execute arbitrary code.


A heap overflow vulnerability has been discovered in the NeXT RLE


An loop was discovered where a 16bit unsigned short was used to
iterate over a 32bit unsigned value so that the loop would never
terminate and continue forever.


Multiple unchecked arithmetic operations were uncovered, including
a number of the range checking operations designed to ensure the
offsets specified in TIFF directories are legitimate.


A flaw was also uncovered in libtiffs custom tag support which may
result in abnormal behaviour, crashes, or potentially arbitrary
code execution.

For the stable distribution (sarge) these problems have been fixed in
version 3.7.2-7.

For the unstable distribution (sid) these problems have been fixed in
version 3.8.2-6.

We recommend that you upgrade your libtiff packages.


CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-3459
BugTraq ID: 19283
BugTraq ID: 19289
Cert/CC Advisory: TA06-214A
Debian Security Information: DSA-1137 (Google Search)
SGI Security Advisory: 20060801-01-P
SGI Security Advisory: 20060901-01-P
SuSE Security Announcement: SUSE-SA:2006:044 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2006-3460
BugTraq ID: 19288
Common Vulnerability Exposure (CVE) ID: CVE-2006-3461
BugTraq ID: 19290
Common Vulnerability Exposure (CVE) ID: CVE-2006-3462
BugTraq ID: 19282
Common Vulnerability Exposure (CVE) ID: CVE-2006-3463
BugTraq ID: 19284
Common Vulnerability Exposure (CVE) ID: CVE-2006-3464
BugTraq ID: 19286
Common Vulnerability Exposure (CVE) ID: CVE-2006-3465
BugTraq ID: 19287
CopyrightCopyright (c) 2006 E-Soft Inc.

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.