漏洞信息详情
Libtiff图形库JPEG解码器堆溢出漏洞
- CNNVD编号:CNNVD-200608-031
- 危害等级: 高危
![图片[1]-Libtiff图形库JPEG解码器堆溢出漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-26/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2006-3460
- 漏洞类型:
缓冲区溢出
- 发布时间:
2005-04-21
- 威胁类型:
远程
- 更新时间:
2006-09-05
- 厂 商:
libtiff - 漏洞来源:
Tavis Ormandy tavi… -
漏洞简介
Silicon Graphics LibTIFF是美国Silicon Graphics公司的一个读写TIFF(标签图像文件格式)文件的库。该库包含一些处理TIFF文件的命令行工具。
JPEG解码器中存在堆溢出漏洞。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.9
Apple SecUpdSrvr2006-004Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11231&cat= 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
Apple Mac OS X 10.3.9
Apple SecUpd2006-004Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11230&cat= 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
Apple Mac OS X 10.4.7
Apple SecUpd2006-004Intel.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=11232&cat= 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg
LibTIFF LibTIFF 3.6.1
Slackware libtiff-3.8.2-i486-1_slack10.0.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ libtiff-3.8.2-i486-1_slack10.0.tgz
Slackware libtiff-3.8.2-i486-1_slack10.1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ libtiff-3.8.2-i486-1_slack10.1.tgz
Trustix libtiff-3.7.3-4tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix libtiff-devel-3.7.3-4tr.i586.rpm
Trustix Secure Linux 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Ubuntu libtiff-tools_3.6.1-5ubuntu0.6_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.6_amd64.deb
Ubuntu libtiff-tools_3.6.1-5ubuntu0.6_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.6_i386.deb
Ubuntu libtiff-tools_3.6.1-5ubuntu0.6_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff-tools_3.6.1 -5ubuntu0.6_powerpc.deb
Ubuntu libtiff4-dev_3.6.1-5ubuntu0.6_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.6_amd64.deb
Ubuntu libtiff4-dev_3.6.1-5ubuntu0.6_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.6_i386.deb
Ubuntu libtiff4-dev_3.6.1-5ubuntu0.6_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4-dev_3.6.1- 5ubuntu0.6_powerpc.deb
Ubuntu libtiff4_3.6.1-5ubuntu0.6_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.6_amd64.deb
Ubuntu libtiff4_3.6.1-5ubuntu0.6_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.6_i386.deb
Ubuntu libtiff4_3.6.1-5ubuntu0.6_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/t/tiff/libtiff4_3.6.1-5ubu ntu0.6_powerpc.deb
LibTIFF LibTIFF 3.7.1
Slackware libtiff-3.8.2-i486-1_slack10.1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ libtiff-3.8.2-i486-1_slack10.1.tgz
Slackware libtiff-3.8.2-i486-1_slack10.1.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/ libtiff-3.8.2-i486-1_slack10.1.tgz
Slackware libtiff-3.8.2-i486-1_slack10.2.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ libtiff-3.8.2-i486-1_slack10.2.tgz
LibTIFF LibTIFF 3.7.2
Debian libtiff-opengl_3.7.2-7_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_alpha.deb
Debian libtiff-opengl_3.7.2-7_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_amd64.deb
Debian libtiff-opengl_3.7.2-7_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_arm.deb
Debian libtiff-opengl_3.7.2-7_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_hppa.deb
Debian libtiff-opengl_3.7.2-7_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.7 .2-7_i386.deb
Debian libtiff-opengl_3.7.2-7_ia64.deb
Debian GNU/Linux 3.1 alias sarge
参考网址
来源: DEBIAN
名称: DSA-1137
链接:http://www.debian.org/security/2006/dsa-1137
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-558
来源: UBUNTU
名称: USN-330-1
链接:http://www.ubuntu.com/usn/usn-330-1
来源: BID
名称: 19289
链接:http://www.securityfocus.com/bid/19289
来源: BID
名称: 19288
链接:http://www.securityfocus.com/bid/19288
来源: REDHAT
名称: RHSA-2006:0648
链接:http://www.redhat.com/support/errata/RHSA-2006-0648.html
来源: REDHAT
名称: RHSA-2006:0603
链接:http://www.redhat.com/support/errata/RHSA-2006-0603.html
来源: SUSE
名称: SUSE-SA:2006:044
链接:http://www.novell.com/linux/security/advisories/2006_44_libtiff.html
来源: GENTOO
名称: GLSA-200608-07
链接:http://www.gentoo.org/security/en/glsa/glsa-200608-07.xml
来源: VUPEN
名称: ADV-2006-3105
链接:http://www.frsirt.com/english/advisories/2006/3105
来源: VUPEN
名称: ADV-2006-3101
链接:http://www.frsirt.com/english/advisories/2006/3101
来源: support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2006-166.htm
来源: SLACKWARE
名称: SSA:2006-230
链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.536600
来源: SECTRACK
名称: 1016628
链接:http://securitytracker.com/id?1016628
来源: SECUNIA
名称: 21632
链接:http://secunia.com/advisories/21632
来源: SECUNIA
名称: 21537
链接:http://secunia.com/advisories/21537
来源: SECUNIA
名称: 21501
链接:http://secunia.com/advisories/21501
来源: SECUNIA
名称: 21392
链接:http://secunia.com/advisories/21392
来源: SECUNIA
名称: 21370
链接:http://secunia.com/advisories/21370
来源: SECUNIA
名称: 21334
链接:http://secunia.com/advisories/21334
来源: SECUNIA
名称: 21290
链接:http://secunia.com/advisories/21290
来源: SECUNIA
名称: 21274
链接:http://secunia.com/advisories/21274
来源: MANDRIVA
名称: MDKSA-2006:137
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:137
来源: MANDRIVA
名称: MDKSA-2006:136
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:136
来源: MANDRIVA
名称: MDKSA-2006:137
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:137
来源: MANDRIVA
名称: MDKSA-2006:136
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:136
来源: VUPEN
名称: ADV-2007-4034
链接:http://www.frsirt.com/english/advisories/2007/4034
来源: VUPEN
名称: ADV-2007-3486
链接:http://www.frsirt.com/english/advisories/2007/3486
来源: SUNALERT
名称: 201331
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
来源: SUNALERT
名称: 103160
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
来源: SECUNIA
名称: 27832
链接:http://secunia.com/advisories/27832
来源: SECUNIA
名称: 27222
链接:http://secunia.com/advisories/27222
来源: SECUNIA
名称: 27181
链接:http://secunia.com/advisories/27181
来源: SECUNIA
名称: 22036
链接:http://secunia.com/advisories/22036
来源: SECUNIA
名称: 21598
链接:http://secunia.com/advisories/21598
来源: SECUNIA
名称: 21346
链接:http://secunia.com/advisories/21346
来源: SECUNIA
名称: 21338
链接:http://secunia.com/advisories/21338
来源: SECUNIA
名称: 21319
链接:http://secunia.com/advisories/21319
来源: SECUNIA
名称: 21304
链接:http://secunia.com/advisories/21304
来源: TRUSTIX
名称: 2006-0044
链接:http://lwn.net/Alerts/194228/
来源: SGI
名称: 20060901-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
来源: SGI
名称: 20060801-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
