CVE-2006-1168
ncompress - buffer underflow
EPSS 9.8%
Description
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
How to fix CVE-2006-1168
To remediate CVE-2006-1168, upgrade the affected package to one of the fixed versions listed below.
- Debian/ncompress—upgrade to 4.2.4-16 or later
- Debian/ncompress—upgrade to 4.2.4-15sarge2 or later
Is CVE-2006-1168 being exploited?
Moderate: EPSS is 9.8%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/ncompress: from 0, < 4.2.4-16
- Debian/ncompress: from 0, < 4.2.4-15sarge2