Vulnerability Details : CVE-2006-2656
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-2656
- cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2656
13.88%
Probability of exploitation activity in the next 30 days
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2656
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2006-2656
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-2656
- Red Hat, 2008-08-12: This issue was addressed in libtiff packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 via: https://rhn.redhat.com/errata/RHSA-2006-0603.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
References for CVE-2006-2656
- http://security.gentoo.org/glsa/glsa-200607-03.xml
  libTIFF: Multiple buffer overflows (GLSA 200607-03) — Gentoo security
- http://www.debian.org/security/2006/dsa-1091
  [SECURITY] [DSA 1091-1] New TIFF packages fix arbitrary code execution
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:095
  Mandriva
- http://secunia.com/advisories/20766
  Secunia (Vendor Advisory)
- http://secunia.com/advisories/20501
  Secunia (Vendor Advisory)
- http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
- http://secunia.com/advisories/21002
  Secunia (Vendor Advisory)
- https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.html
  [SECURITY] Fedora Core 4 Update: libtiff-3.7.1-6.fc4.2 (Patch)
- https://usn.ubuntu.com/289-1/
- http://secunia.com/advisories/20520
  Secunia (Vendor Advisory)
- http://marc.info/?l=vuln-dev&m=114857412916909&w=2
  'tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow...' - MARC