Lucene search

[email protected]CVE-2006-2656

HistoryMay 30, 2006 - 6:02 p.m.

CVE-2006-2656

2006-05-3018:02:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2006-2656

nvd

libtiff

buffer overflow

arbitrary code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.029 Low

EPSS

Percentile

90.9%

JSON

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

Affected configurations

NVD

Node

libtifflibtiffRange≤3.8.2

libtifflibtiffMatch3.4

libtifflibtiffMatch3.5.1

libtifflibtiffMatch3.5.2

libtifflibtiffMatch3.5.3

libtifflibtiffMatch3.5.4

libtifflibtiffMatch3.5.5

libtifflibtiffMatch3.5.6

libtifflibtiffMatch3.5.7

libtifflibtiffMatch3.6.0

libtifflibtiffMatch3.6.1

libtifflibtiffMatch3.7.0

libtifflibtiffMatch3.7.1

libtifflibtiffMatch3.8.0

libtifflibtiffMatch3.8.1

CPENameOperatorVersion
libtiff:libtifflibtiffle3.8.2
libtiff:libtifflibtiffeq3.4
libtiff:libtifflibtiffeq3.5.1
libtiff:libtifflibtiffeq3.5.2
libtiff:libtifflibtiffeq3.5.3
libtiff:libtifflibtiffeq3.5.4
libtiff:libtifflibtiffeq3.5.5
libtiff:libtifflibtiffeq3.5.6
libtiff:libtifflibtiffeq3.5.7
libtiff:libtifflibtiffeq3.6.0

CPE	Name	Operator	Version
libtiff:libtiff	libtiff	le	3.8.2
libtiff:libtiff	libtiff	eq	3.4
libtiff:libtiff	libtiff	eq	3.5.1
libtiff:libtiff	libtiff	eq	3.5.2
libtiff:libtiff	libtiff	eq	3.5.3
libtiff:libtiff	libtiff	eq	3.5.4
libtiff:libtiff	libtiff	eq	3.5.5
libtiff:libtiff	libtiff	eq	3.5.6
libtiff:libtiff	libtiff	eq	3.5.7
libtiff:libtiff	libtiff	eq	3.6.0