Rapid7 Vulnerability & Exploit Database

ELSA-2006:0603 Enterprise Linux libtiff security update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2006:0603 Enterprise Linux libtiff security update

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:C)

Published

08/02/2006

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.

Solution(s)

oracle-linux-upgrade-libtiff
oracle-linux-upgrade-libtiff-devel

References

https://attackerkb.com/topics/cve-2006-3460
APPLE-SA-2006-08-01
19282
19284
19286
19287
19288
19289
19290
TA06-214A
CVE - 2006-3460
CVE - 2006-3461
CVE - 2006-3462
CVE - 2006-3463
CVE - 2006-3464
CVE - 2006-3465
DSA-1137
OVAL10639
OVAL10916
OVAL11265
OVAL11301
OVAL9067
OVAL9910
RHSA-2006:0603
RHSA-2006:0648
20060801-01-P
20060901-01-P
SUSE-SA:2006:044
http://oss.oracle.com/pipermail/el-errata/2007-March/000077.html

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;