Unrated severityNVD Advisory· Published Aug 3, 2006· Updated Apr 16, 2026
CVE-2006-3459
CVE-2006-3459
Description
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
Affected products
38cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*+ 37 more
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*range: <=3.8.1
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta18:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta24:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta28:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta29:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta31:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta32:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta34:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta35:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta36:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:beta37:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha3:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:alpha4:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:alpha:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
47- www.debian.org/security/2006/dsa-1137nvdPatchVendor Advisory
- secunia.com/advisories/21253nvdVendor Advisory
- secunia.com/advisories/21274nvdVendor Advisory
- secunia.com/advisories/21304nvdVendor Advisory
- secunia.com/advisories/21319nvdVendor Advisory
- secunia.com/advisories/21334nvdVendor Advisory
- secunia.com/advisories/21338nvdVendor Advisory
- secunia.com/advisories/21346nvdVendor Advisory
- secunia.com/advisories/21370nvdVendor Advisory
- secunia.com/advisories/21392nvdVendor Advisory
- secunia.com/advisories/21501nvdVendor Advisory
- secunia.com/advisories/21537nvdVendor Advisory
- secunia.com/advisories/21598nvdVendor Advisory
- secunia.com/advisories/21632nvdVendor Advisory
- secunia.com/advisories/22036nvdVendor Advisory
- secunia.com/advisories/27181nvdVendor Advisory
- secunia.com/advisories/27222nvdVendor Advisory
- secunia.com/advisories/27832nvdVendor Advisory
- secunia.com/blog/76nvdVendor Advisory
- www.vupen.com/english/advisories/2006/3105nvdVendor Advisory
- www.vupen.com/english/advisories/2007/3486nvdVendor Advisory
- www.vupen.com/english/advisories/2007/4034nvdVendor Advisory
- www.us-cert.gov/cas/techalerts/TA06-214A.htmlnvdUS Government Resource
- patches.sgi.com/support/free/security/advisories/20060801-01-Pnvd
- patches.sgi.com/support/free/security/advisories/20060901-01-P.ascnvd
- lists.apple.com/archives/security-announce/2006//Aug/msg00000.htmlnvd
- lwn.net/Alerts/194228/nvd
- secunia.com/advisories/21290nvd
- securitytracker.com/idnvd
- securitytracker.com/idnvd
- slackware.com/security/viewer.phpnvd
- sunsolve.sun.com/search/document.donvd
- sunsolve.sun.com/search/document.donvd
- support.avaya.com/elmodocs2/security/ASA-2006-166.htmnvd
- www.gentoo.org/security/en/glsa/glsa-200608-07.xmlnvd
- www.mandriva.com/security/advisoriesnvd
- www.mandriva.com/security/advisoriesnvd
- www.novell.com/linux/security/advisories/2006_44_libtiff.htmlnvd
- www.osvdb.org/27723nvd
- www.redhat.com/support/errata/RHSA-2006-0603.htmlnvd
- www.redhat.com/support/errata/RHSA-2006-0648.htmlnvd
- www.securityfocus.com/bid/19283nvd
- www.securityfocus.com/bid/19289nvd
- www.ubuntu.com/usn/usn-330-1nvd
- www.vupen.com/english/advisories/2006/3101nvd
- issues.rpath.com/browse/RPL-558nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11497nvd
News mentions
0No linked articles in our index yet.