CVE - CVE-2006-2193

CVE-ID
CVE-2006-2193	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18331 URL:http://www.securityfocus.com/bid/18331 CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355 CONFIRM:http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 DEBIAN:DSA-1091 URL:http://www.debian.org/security/2006/dsa-1091 GENTOO:GLSA-200607-03 URL:http://security.gentoo.org/glsa/glsa-200607-03.xml MANDRIVA:MDKSA-2006:102 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2006:102~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:9788 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788 REDHAT:RHSA-2008:0848 URL:http://www.redhat.com/support/errata/RHSA-2008-0848.html SECUNIA:20488 URL:http://secunia.com/advisories/20488 SECUNIA:20501 URL:http://secunia.com/advisories/20501 SECUNIA:20520 URL:http://secunia.com/advisories/20520 SECUNIA:20693 URL:http://secunia.com/advisories/20693 SECUNIA:20766 URL:http://secunia.com/advisories/20766 SECUNIA:21002 URL:http://secunia.com/advisories/21002 SECUNIA:27181 URL:http://secunia.com/advisories/27181 SECUNIA:27222 URL:http://secunia.com/advisories/27222 SECUNIA:27832 URL:http://secunia.com/advisories/27832 SECUNIA:31670 URL:http://secunia.com/advisories/31670 SUNALERT:103160 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1~~ (Obsolete source) SUNALERT:201331 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1~~ (Obsolete source) SUSE:SUSE-SR:2006:014 URL:http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html UBUNTU:USN-289-1 URL:https://usn.ubuntu.com/289-1/ VUPEN:ADV-2006-2197 URL:~~http://www.vupen.com/english/advisories/2006/2197~~ (Obsolete source) VUPEN:ADV-2007-3486 URL:~~http://www.vupen.com/english/advisories/2007/3486~~ (Obsolete source) VUPEN:ADV-2007-4034 URL:~~http://www.vupen.com/english/advisories/2007/4034~~ (Obsolete source) XF:libtiff-tiff2pdf-bo(26991) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26991
Assigning CNA
Debian GNU/Linux
Date Record Created
20060504	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060504)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)