Vulnerability Description
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncompress | Ncompress | 4.2.4 |
References
- ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc
- http://bugs.gentoo.org/show_bug.cgi?id=141728
- http://downloads.avaya.com/css/P8/documents/100158840
- http://rhn.redhat.com/errata/RHSA-2012-0810.html
- http://secunia.com/advisories/21427
- http://secunia.com/advisories/21434
- http://secunia.com/advisories/21437
- http://secunia.com/advisories/21467
- http://secunia.com/advisories/21880
- http://secunia.com/advisories/22036
- http://secunia.com/advisories/22296
- http://secunia.com/advisories/22377
- http://security.gentoo.org/glsa/glsa-200610-03.xml
- http://securitytracker.com/id?1016836
- http://support.avaya.com/elmodocs2/security/ASA-2006-226.htm
FAQ
What is CVE-2006-1168?
CVE-2006-1168 is a vulnerability with a CVSS score of 7.5 (HIGH). The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that l...
How severe is CVE-2006-1168?
CVE-2006-1168 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1168?
Check the references section above for vendor advisories and patch information. Affected products include: Ncompress Ncompress.