CVE-2006-2193

Severity

75%

Complexity

99%

Confidentiality

106%

Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-06-08 19:06:00

Last updated 6 years ago

2018-10-03 21:40:00

Affected Software

LibTIFF 3.4

3.4

LibTIFF 3.5.1

3.5.1

LibTIFF 3.5.2

3.5.2

LibTIFF 3.5.3

3.5.3

LibTIFF 3.5.4

3.5.4

LibTIFF 3.5.5

3.5.5

LibTIFF 3.5.6

3.5.6

LibTIFF 3.5.7

3.5.7

LibTIFF 3.6.0

3.6.0

LibTIFF 3.6.1

3.6.1

LibTIFF 3.7.0

3.7.0

LibTIFF 3.7.1

3.7.1

LibTIFF 3.8.0

3.8.0

LibTIFF 3.8.1

3.8.1

LibTIFF

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355

http://bugzilla.remotesensing.org/show_bug.cgi?id=1196

Exploit, Patch

SUSE-SR:2006:014

20488

Patch, Vendor Advisory

20501

20520

20693

20766

21002

27181

27222

27832

31670

GLSA-200607-03

103160

201331

DSA-1091