CVE-2006-3464
EPSS 1.3%
Description
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations".
How to fix CVE-2006-3464
To remediate CVE-2006-3464, upgrade the affected package to a fixed version below.
- Debian/tiff: upgrade to 3.8.2-6 or later
Is CVE-2006-3464 being exploited?
Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/tiff: from 0, < 3.8.2-6