VDB
CVE-2006-2120
CVE-2006-2120
PUBLISHED
CVSS 2.0999999046325684 LOW
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
EPSS 0.32% · 55.5th percentile
Risk Scores
CVSS 2.0
2.0999999046325684
EPSS Score
0.32%
55.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
| libtiff | libtiff | 3.8.1 |
Exploit Intelligence
- 20210 (circl)
- http://bugzilla.remotesensing.org/show_bug.cgi?id=1065 (circl)
- 19949 (circl)
- 17809 (circl)
- USN-277-1 (circl)
- 20667 (circl)
- 19936 (circl)
- 19964 (circl)
- 2006-0024 (circl)
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974 (circl)
…and 8 more exploits
Timeline
- May 1, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Apr 12, 2023 EPSS Score
References
- 20210 third-party-advisory
- http://bugzilla.remotesensing.org/show_bug.cgi?id=1065 url
- 19949 third-party-advisory
- 17809 vdb
- USN-277-1 vendor-advisory
- 20667 third-party-advisory
- 19936 third-party-advisory
- 19964 third-party-advisory
- 2006-0024 vendor-advisory
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189974 url
- 20330 third-party-advisory
- DSA-1078 vendor-advisory
- 20060501-01-U vendor-advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm url
- RHSA-2006:0425 vendor-advisory
- oval:org.mitre.oval:def:9572 vdb
- MDKSA-2006:082 vendor-advisory
- 20023 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-2120 advisory
- https://usn.ubuntu.com/277-1 url