CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2656

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.139

EPSS Ranking 94.0%

CVSS Severity

CVSS v2 Score 7.5

References

Products affected by CVE-2006-2656

Libtiff » Libtiff » Version: N/A

cpe:2.3:a:libtiff:libtiff:-
Libtiff » Libtiff » Version: 3.4

cpe:2.3:a:libtiff:libtiff:3.4
Libtiff » Libtiff » Version: 3.5.1

cpe:2.3:a:libtiff:libtiff:3.5.1
Libtiff » Libtiff » Version: 3.5.2

cpe:2.3:a:libtiff:libtiff:3.5.2
Libtiff » Libtiff » Version: 3.5.3

cpe:2.3:a:libtiff:libtiff:3.5.3
Libtiff » Libtiff » Version: 3.5.4

cpe:2.3:a:libtiff:libtiff:3.5.4
Libtiff » Libtiff » Version: 3.5.5

cpe:2.3:a:libtiff:libtiff:3.5.5
Libtiff » Libtiff » Version: 3.5.6

cpe:2.3:a:libtiff:libtiff:3.5.6
Libtiff » Libtiff » Version: 3.5.7

cpe:2.3:a:libtiff:libtiff:3.5.7
Libtiff » Libtiff » Version: 3.6.0

cpe:2.3:a:libtiff:libtiff:3.6.0
Libtiff » Libtiff » Version: 3.6.1

cpe:2.3:a:libtiff:libtiff:3.6.1
Libtiff » Libtiff » Version: 3.7.0

cpe:2.3:a:libtiff:libtiff:3.7.0
Libtiff » Libtiff » Version: 3.7.1

cpe:2.3:a:libtiff:libtiff:3.7.1
Libtiff » Libtiff » Version: 3.7.2

cpe:2.3:a:libtiff:libtiff:3.7.2
Libtiff » Libtiff » Version: 3.7.3

cpe:2.3:a:libtiff:libtiff:3.7.3
Libtiff » Libtiff » Version: 3.7.4

cpe:2.3:a:libtiff:libtiff:3.7.4
Libtiff » Libtiff » Version: 3.8.0

cpe:2.3:a:libtiff:libtiff:3.8.0
Libtiff » Libtiff » Version: 3.8.1

cpe:2.3:a:libtiff:libtiff:3.8.1
Libtiff » Libtiff » Version: 3.8.2

cpe:2.3:a:libtiff:libtiff:3.8.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-2656

Products

Pricing

Contact Us