CVE-2006-2120

Publication date 1 May 2006

Last updated 24 July 2024


Ubuntu priority

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
tiff 7.04 feisty
Not affected
6.10 edgy
Not affected
6.06 LTS dapper
Fixed 3.7.4-1ubuntu3.2

References

Related Ubuntu Security Notices (USN)

    • USN-277-1
    • TIFF library vulnerabilities
    • 4 May 2006

Other references