Описание
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.4ubuntu20 |
| devel | not-affected | |
| edgy | not-affected | |
| feisty | not-affected | |
| gutsy | ignored | end of life, was needed |
| hardy | not-affected | has tiff 3.8.2-7 |
| intrepid | not-affected | |
| jaunty | not-affected | |
| karmic | not-affected | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 3.7.4-1ubuntu3.2 |
| devel | released | 3.8.2-6 |
| edgy | released | 3.8.2-6 |
| feisty | released | 3.8.2-6 |
| gutsy | released | 3.8.2-6 |
| hardy | released | 3.8.2-6 |
| intrepid | released | 3.8.2-6 |
| jaunty | released | 3.8.2-6 |
| karmic | released | 3.8.2-6 |
| upstream | released | 3.8.2-3 |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
Уязвимости операционной системы Gentoo Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
EPSS
7.5 High
CVSS2