CVE-2006-3465 – Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
https://notcve.org/view.php?id=CVE-2006-3465
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en el soporte de etiquetas personalizadas para la librería TIFF (libTIFF) anterior a 3.8.2 permite a atacantes remotos provocar una denegación de servicio (inestabilidad o caída) y ejecutar código de su elección a través de vectores no especificados. • ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://docs.info.apple.com/article.html?artnum=304063 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://lwn.net/Alerts/194228 http://secunia.com/advisories/21253 http://secunia.com/advisories/21274 http://secunia.com/advisories/21290 http://secunia.com/advisories/21304 http://secunia.com/advisories/21319& •
CVE-2006-3459 – Apple iPhone MobileSafari LibTIFF - 'browser' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3459
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. Múltiples desbordamientos de búfer basados en pila en la librería TIFF (libtiff)anterior a 3.8.2 permiten a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio y posiblemente ejecutar código de su elección a través de vectores desconocidos, incluyendo un valor grande de tdir_count en la función TIFFFetchShortPair de tif_dirread.c • https://www.exploit-db.com/exploits/16862 https://www.exploit-db.com/exploits/16868 https://www.exploit-db.com/exploits/16869 https://www.exploit-db.com/exploits/21869 https://www.exploit-db.com/exploits/21868 https://www.exploit-db.com/exploits/11787 ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-3460 – Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
https://notcve.org/view.php?id=CVE-2006-3460
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). Desbordamiento de búfer basado en montón en el decodificador JPEG de la librería TIFF (libtiff) anterior a 3.8.2 permite a atacantes locales o remotos (dependiendo del contexto) provocar una denegación de servicio y posiblemente ejecutar código de su elección mediante un flujo JPEG codificado que es más largo que el tamaño de la línea de escaneo (TiffScanLineSize). • ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://lwn.net/Alerts/194228 http://secunia.com/advisories/21274 http://secunia.com/advisories/21290 http://secunia.com/advisories/21304 http://secunia.com/advisories/21319 http://secunia.com/advisories/21334 http://secunia.com/advisories/21338 http://secunia.com/advisories/21346 http://secunia.com/advisories/21370 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-3463 – Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
https://notcve.org/view.php?id=CVE-2006-3463
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. La función EstimateStripByteCounts en TIFF library (libtiff) versiones anteriores a 3.8.2 utiliza un valor corto sin signo de 16-bit cuando itera sobre un valor sin signo de 32-bit, que permite a atacantes locales o remotos dependientes del contexto provocar una denegación de servicio mediante un valor largo td_nstrips, que dispara un bucle infinito. • ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://lwn.net/Alerts/194228 http://secunia.com/advisories/21274 http://secunia.com/advisories/21290 http://secunia.com/advisories/21304 http://secunia.com/advisories/21319 http://secunia.com/advisories/21334 http://secunia.com/advisories/21338 http://secunia.com/advisories/21346 http://secunia.com/advisories/21370 http://secunia • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-3464 – Multiple libtiff flaws (CVE-2006-3460 CVE-2006-3461 CVE-2006-3462 CVE-2006-3463 CVE-2006-3464 CVE-2006-3465)
https://notcve.org/view.php?id=CVE-2006-3464
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". La libreria TIFF (libtiff) anterior a 3.8.2 permite a atacantes dependientes del contexto pasar la validación de rango de números y posiblemente ejecutar código, y disparar avisos de error, a través de valores de offset en un directorio TIFF que conduce a un desbordamiento de entero y otros vectores no especificados afectando a "operaciones aritméticas no validadas". • ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc http://lwn.net/Alerts/194228 http://secunia.com/advisories/21274 http://secunia.com/advisories/21290 http://secunia.com/advisories/21304 http://secunia.com/advisories/21319 http://secunia.com/advisories/21334 http://secunia.com/advisories/21338 http://secunia.com/advisories/21346 http://secunia.com/advisories/21370 http://secunia • CWE-189: Numeric Errors •