CVE-2006-2656
published 2006-05-30
CVE-2006-2656: Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename…
Priority P3 42 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 14.41% (96.2th percentile)
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tiff | < tiff 3.8.2-3 (bookworm) | tiff 3.8.2-3 (bookworm) |
| libtiff | libtiff | <= 3.8.2 | — |
| libtiff | libtiff | — | — |
CVSS provenance
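| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.5 | HIGH | — |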
GHSA
GHSA-66cg-m82w-2g9c: Stack-based buffer overflow in the tiffsplit command in libtiff 3
ghsa_unreviewed·2022-05-01
CVE-2006-2656 [HIGH] CWE-119 GHSA-66cg-m82w-2g9c: Stack-based buffer overflow in the tiffsplit command in libtiff 3
OSV
CVE-2006-2656: Stack-based buffer overflow in the tiffsplit command in libtiff 3
osv·2006-05-30·CVSS 7.5
CVE-2006-2656 [HIGH] CVE-2006-2656: Stack-based buffer overflow in the tiffsplit command in libtiff 3
Ubuntu
tiff vulnerabilities
vendor_ubuntu·2006-06-08·CVSS 7.5
CVE-2006-2193 [HIGH] tiff vulnerabilities
Title: tiff vulnerabilities
Summary: tiff vulnerabilities
A buffer overflow has been found in the tiff2pdf utility. By tricking
a user into processing a specially crafted TIF file with tiff2pdf,
this could potentially be exploited to execute arbitrary code with the
privileges of the user. (CVE-2006-2193)
A. Alejandro Hernández discovered a buffer overflow in the tiffsplit
utility. By calling tiffsplit with specially crafted long arguments,
a user can execute arbitrary code. If tiffsplit is used in e.g. a
web-based frontend or similar automated system, this could lead to
remote arbitrary code execution with the privileges of that system. (In
normal interactive command line usage this is not a vulnerability.)
(CVE-2006-2656)
Instructions: In general, a standard system upgrade is suffic
Red Hat
tiffsplit buffer overflow
vendor_redhat·2006-05-25·CVSS 7.5
CVE-2006-2656 [HIGH] tiffsplit buffer overflow
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Debian
CVE-2006-2656: tiff - Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlie...
vendor_debian·2006·CVSS 7.5
CVE-2006-2656 [HIGH] CVE-2006-2656: tiff - Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlie...
Scope: local
bookworm: resolved (fixed in 3.8.2-3)
bullseye: resolved (fixed in 3.8.2-3)
forky: resolved (fixed in 3.8.2-3)
sid: resolved (fixed in 3.8.2-3)
trixie: resolved (fixed in 3.8.2-3)
No detection rules found.
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
http://marc.info/?l=vuln-dev&m=114857412916909&w=2
http://secunia.com/advisories/20501
http://secunia.com/advisories/20520
http://secunia.com/advisories/20766
http://secunia.com/advisories/21002
http://security.gentoo.org/glsa/glsa-200607-03.xml
http://www.debian.org/security/2006/dsa-1091
http://www.mandriva.com/security/advisories?name=MDKSA-2006:095
https://usn.ubuntu.com/289-1/
https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html
Published: 2006-05-30