CVE-2006-3460
EPSS 0.83%
Description
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize).
How to fix CVE-2006-3460
To remediate CVE-2006-3460, upgrade the affected package to a fixed version below.
- Debian/tiff—upgrade to 3.8.2-6 or later
Is CVE-2006-3460 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.8.2-6