CVE-2006-2120
tiff - out-of-bounds read
EPSS 0.32%
Description
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
How to fix CVE-2006-2120
To remediate CVE-2006-2120, upgrade the affected package to a fixed version below.
- Debian/tiff—upgrade to 3.8.1 or later
- Debian/tiff—upgrade to 3.7.2-4 or later
Is CVE-2006-2120 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.8.1
- from 0, < 3.7.2-4