Vulnerability Description
The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference. NOTE: This is a different issue than CVE-2006-1469.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac Os X | <= 10.4.7 |
| Apple | Mac Os X Server | <= 10.4.7 |
References
- http://www.security-protocols.com/sp-x31-advisory.php
- http://www.vupen.com/english/advisories/2006/2606Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27482
- http://www.security-protocols.com/sp-x31-advisory.php
- http://www.vupen.com/english/advisories/2006/2606Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27482
FAQ
What is CVE-2006-3356?
CVE-2006-3356 is a vulnerability with a CVSS score of 2.6 (LOW). The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF ima...
How severe is CVE-2006-3356?
CVE-2006-3356 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3356?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server.