CVE-2006-2656

Publication date 30 May 2006

Last updated 24 July 2024

Ubuntu priority

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
ia32-libs	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Not affected
	6.10 edgy	Not affected
	6.06 LTS dapper	Fixed 1.4ubuntu20
tiff	9.10 karmic	Fixed 3.8.2-6
	9.04 jaunty	Fixed 3.8.2-6
	8.10 intrepid	Fixed 3.8.2-6
	8.04 LTS hardy	Fixed 3.8.2-6
	7.10 gutsy	Fixed 3.8.2-6
	7.04 feisty	Fixed 3.8.2-6
	6.10 edgy	Fixed 3.8.2-6
	6.06 LTS dapper	Fixed 3.7.4-1ubuntu3.2

CVE-2006-2656

Status

References

Related Ubuntu Security Notices (USN)

Other references