7.5

CVE-2006-3459

Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.

Data is provided by the National Vulnerability Database (NVD)
Libtiff Libtiff Version <= 3.8.1
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta18
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta24
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta28
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta29
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta31
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta32
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta34
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta35
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta36
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.4 Update beta37
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.1
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.2
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.3
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.4
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.5
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.6
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.6 Update beta
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.7
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.7 Update alpha
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.7 Update alpha2
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.7 Update alpha3
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.7 Update alpha4
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.5.7 Update beta
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.6.0
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.6.0 Update beta
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.6.0 Update beta2
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.6.1
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.0
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.0 Update alpha
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.0 Update beta
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.0 Update beta2
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.1
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.2
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.3
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.7.4
   Adobe Acrobat Reader Version 9.3.0
Libtiff Libtiff Version 3.8.0
   Adobe Acrobat Reader Version 9.3.0
No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 69.31% | 0.986

CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 7.5 | 10 | 6.4 | AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.