CVE-2006-3356

The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://www.security-protocols.com/sp-x31-advisory.php
http://www.vupen.com/english/advisories/2006/2606	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/27482

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:mac_os_x::::::::
	cpe:2.3:o:apple:mac_os_x_server::::::::

History

No history.

Information

Published : 2006-07-06 20:05

Updated : 2023-12-10 10:28

NVD link : CVE-2006-3356

Mitre link : CVE-2006-3356

CVE.ORG link : CVE-2006-3356

JSON object : View

Products Affected

apple

mac_os_x
mac_os_x_server

CWE

NVD-CWE-Other

{"id": "CVE-2006-3356", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-07-06T20:05:00.000", "references": [{"url": "http://www.security-protocols.com/sp-x31-advisory.php", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2606", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27482", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469."}, {"lang": "es", "value": "La funci\u00f3n TIFFFetchAnyArray en ImageIO de Apple OS X 10.4.7 y versiones anteriores permiten al atacantes con la intervenci\u00f3n del usuario causar una denegaci\u00f3n de servicios (ca\u00edda de la aplicaci\u00f3n)a trav\u00e9s de un valor de etiqueta inv\u00e1lido en una imagen TIFF, posiblemente lanzando una referencia nula. NOTA: Asunto diferente a CVE-2006-1469."}], "lastModified": "2017-07-20T01:32:15.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F745FA7E-6141-446D-B531-ED3CE743371B", "versionEndIncluding": "10.4.7"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EE1DC4C-1173-4A31-A400-10009CD93DDA", "versionEndIncluding": "10.4.7"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n'CWE-476: NULL Pointer Dereference'", "sourceIdentifier": "cve@mitre.org"}