VYPR
Unrated severityNVD Advisory· Published May 30, 2006· Updated Jun 16, 2026

CVE-2006-2656

CVE-2006-2656

Description

Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17
  • LibTIFF/Libtiff16 versions
    cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*+ 15 more
    • cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*range: <=3.8.2
    • cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
    • (no CPE)range: <=3.8.2

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.