CVE-2006-2656

Published: 30/05/2006 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and previous versions might allow malicious users to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

Vulnerable Product

libtiff libtiff 3.6.1

libtiff libtiff 3.8.0

libtiff libtiff 3.8.1

libtiff libtiff 3.4

libtiff libtiff 3.5.7

libtiff libtiff 3.7.0

libtiff libtiff 3.6.0

libtiff libtiff 3.5.3

libtiff libtiff 3.7.1

libtiff libtiff 3.5.4

libtiff libtiff 3.5.2

libtiff libtiff 3.5.5

libtiff libtiff 3.5.1

libtiff libtiff 3.5.6

libtiff libtiff

Vendor Advisories

Debian Bug report logs - #369819 libtiff-tools: Buffer overflow in tiffsplit [CVE-2006-2656]. Package: libtiff-tools; Maintainer for libtiff-tools is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Source for libtiff-tools is src:tiff (PTS, buildd, popcon). Reported by: Martin Pitt <martin.pitt@ubuntu.com>. Date: Thu, 1 Jun ...

A buffer overflow has been found in the tiff2pdf utility. By tricking a user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user (CVE-2006-2193) ...

Several problems have been discovered in the TIFF library. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2006-2193: SuSE discovered a buffer overflow in the conversion of TIFF files into PDF documents which could be exploited when tiff2pdf is used e.g. in a printer filter. CVE-2006-2656: The ti ...

Exploits

# tiffsplit (libtiff <= 3.8.2) local stack buffer overflow PoC. tiffsplit from libtiff (www.remotesensing.org/libtiff/) is vulnerable to a bss-based and stack-based overflow, but, I just wrote the concept c0de for stack-based b0f 'cause I don't know how to take advantage of the overwritten bss data (after the overflow, that data is overwr ...