CVE-2006-3356

{"id": "CVE-2006-3356", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-07-06T20:05:00.000", "references": [{"url": "http://www.security-protocols.com/sp-x31-advisory.php", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/2606", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27482", "source": "cve@mitre.org"}, {"url": "http://www.security-protocols.com/sp-x31-advisory.php", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/2606", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27482", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and earlier allows remote user-assisted attackers to cause a denial of service (application crash) via an invalid tag value in a TIFF image, possibly triggering a null dereference.  NOTE: This is a different issue than CVE-2006-1469."}, {"lang": "es", "value": "La funci\u00f3n TIFFFetchAnyArray en ImageIO de Apple OS X 10.4.7 y versiones anteriores permiten al atacantes con la intervenci\u00f3n del usuario causar una denegaci\u00f3n de servicios (ca\u00edda de la aplicaci\u00f3n)a trav\u00e9s de un valor de etiqueta inv\u00e1lido en una imagen TIFF, posiblemente lanzando una referencia nula. NOTA: Asunto diferente a CVE-2006-1469."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F745FA7E-6141-446D-B531-ED3CE743371B", "versionEndIncluding": "10.4.7"}, {"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EE1DC4C-1173-4A31-A400-10009CD93DDA", "versionEndIncluding": "10.4.7"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n'CWE-476: NULL Pointer Dereference'", "sourceIdentifier": "cve@mitre.org"}