Back to search
CVE-2006-2656
Published: May 30, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2006-591
vendor-advisory
x_refsource_FEDORA
20520
third-party-advisory
x_refsource_SECUNIA
20766
third-party-advisory
x_refsource_SECUNIA
GLSA-200607-03
vendor-advisory
x_refsource_GENTOO
20501
third-party-advisory
x_refsource_SECUNIA
DSA-1091
vendor-advisory
x_refsource_DEBIAN
SUSE-SR:2006:014
vendor-advisory
x_refsource_SUSE
MDKSA-2006:095
vendor-advisory
x_refsource_MANDRIVA
21002
third-party-advisory
x_refsource_SECUNIA
20060524 tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...
mailing-list
x_refsource_VULN-DEV
USN-289-1
vendor-advisory
x_refsource_UBUNTU
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now