FILE-PDF Adobe Acrobat Reader libtiff TIFFFetchShortPair stack buffer overflow attempt
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdircount value in the TIFFFetchShortPair function in tifdirread.c.
CVSS base score 7.5 CVSS impact score 6.4 CVSS exploitability score 10.0 confidentialityImpact PARTIAL integrityImpact PARTIAL availabilityImpact PARTIAL
CVE-2006-3459:
CVSS base score 7.5
CVSS impact score 6.4
CVSS exploitability score 10.0
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
CVE-2010-0188:
CVSS base score 9.3
CVSS impact score 10.0
CVSS exploitability score 8.6
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
CVE-2006-3459: Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdircount value in the TIFFFetchShortPair function in tifdirread.c.
CVE-2010-0188: Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2006-3459:
Access Vector NETWORK
Access Complexity LOW
Authentication NONE
CVE-2010-0188:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.