CVE-2006-2656
Published: 30 May 2006
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Priority
Status
Package | Release | Status |
---|---|---|
ia32-libs Launchpad, Ubuntu, Debian |
dapper |
Released
(1.4ubuntu20)
|
edgy |
Not vulnerable
|
|
feisty |
Not vulnerable
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(has tiff 3.8.2-7)
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|
|
tiff Launchpad, Ubuntu, Debian |
dapper |
Released
(3.7.4-1ubuntu3.2)
|
edgy |
Released
(3.8.2-6)
|
|
feisty |
Released
(3.8.2-6)
|
|
gutsy |
Released
(3.8.2-6)
|
|
hardy |
Released
(3.8.2-6)
|
|
intrepid |
Released
(3.8.2-6)
|
|
jaunty |
Released
(3.8.2-6)
|
|
karmic |
Released
(3.8.2-6)
|
|
upstream |
Released
(3.8.2-3)
|