CVE-2006-2120
EPSS 0.32%tiff - out-of-bounds read
Published: 5/1/2006Modified: 3/9/2026
Description
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
Affected packages (2)
- Debian/tifffrom 0, < 3.8.1
- Debian/tifffrom 0, < 3.7.2-4