CVE-2006-2656
Published: 30 May 2006
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
ia32-libs Launchpad, Ubuntu, Debian |
dapper |
Released
(1.4ubuntu20)
|
| edgy |
Not vulnerable
|
|
| feisty |
Not vulnerable
|
|
| gutsy |
Ignored
(end of life, was needed)
|
|
| hardy |
Not vulnerable
(has tiff 3.8.2-7)
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
tiff Launchpad, Ubuntu, Debian |
dapper |
Released
(3.7.4-1ubuntu3.2)
|
| edgy |
Released
(3.8.2-6)
|
|
| feisty |
Released
(3.8.2-6)
|
|
| gutsy |
Released
(3.8.2-6)
|
|
| hardy |
Released
(3.8.2-6)
|
|
| intrepid |
Released
(3.8.2-6)
|
|
| jaunty |
Released
(3.8.2-6)
|
|
| karmic |
Released
(3.8.2-6)
|
|
| upstream |
Released
(3.8.2-3)
|