CVE-2006-2656
CVE-2006-2656
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/1831unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.htmlhttp://marc.info/?l=vuln-dev&m=114857412916909&w=2http://secunia.com/advisories/20501http://secunia.com/advisories/20520http://secunia.com/advisories/20766http://secunia.com/advisories/21002http://security.gentoo.org/glsa/glsa-200607-03.xmlhttps://usn.ubuntu.com/289-1/https://www.redhat.com/archives/fedora-package-announce/2006-May/msg00127.htmlhttp://www.debian.org/security/2006/dsa-1091http://www.mandriva.com/security/advisories?name=MDKSA-2006:095