CVE Vulnerabilities

CVE-2006-2120

Published: May 01, 2006 | Modified: Nov 21, 2024
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu
UNTRIAGED

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.

Affected Software

Name Vendor Start Version End Version
Libtiff Libtiff 3.8.1 (including) 3.8.1 (including)
Red Hat Enterprise Linux 3 RedHat libtiff-0:3.5.7-25.el3.1 *
Red Hat Enterprise Linux 4 RedHat libtiff-0:3.6.1-10 *
Tiff Ubuntu dapper *

References