PublicDateAtUSN: 2006-05-30
PublicDate: 2006-05-30 18:02:00 UTC
Candidate: CVE-2006-2656
References:
 https://ubuntu.com/security/notices/USN-289-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2656
Description:
 Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and
 earlier might might allow attackers to execute arbitrary code via a long
 filename.  NOTE: tiffsplit is not setuid.  If there is not a common
 scenario under which tiffsplit is called with attacker-controlled command
 line arguments, then perhaps this issue should not be included in CVE.
Ubuntu-Description:
Notes:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:

Bugs:
upstream_tiff: released (3.8.2-3)
dapper_tiff: released (3.7.4-1ubuntu3.2)
edgy_tiff: released (3.8.2-6)
feisty_tiff: released (3.8.2-6)
gutsy_tiff: released (3.8.2-6)
hardy_tiff: released (3.8.2-6)
intrepid_tiff: released (3.8.2-6)
jaunty_tiff: released (3.8.2-6)
karmic_tiff: released (3.8.2-6)
devel_tiff: released (3.8.2-6)

upstream_ia32-libs: needs-triage
dapper_ia32-libs: released (1.4ubuntu20)
edgy_ia32-libs: not-affected
feisty_ia32-libs: not-affected
gutsy_ia32-libs: needed (reached end-of-life)
hardy_ia32-libs: not-affected (has tiff 3.8.2-7)
intrepid_ia32-libs: not-affected
jaunty_ia32-libs: not-affected
karmic_ia32-libs: not-affected
devel_ia32-libs: not-affected