Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Libtiff
  • Libtiff

Configuration 1 [-]

OR cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355
http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 Exploit Patch
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
http://secunia.com/advisories/20488 Patch Vendor Advisory
http://secunia.com/advisories/20501
http://secunia.com/advisories/20520
http://secunia.com/advisories/20693
http://secunia.com/advisories/20766
http://secunia.com/advisories/21002
http://secunia.com/advisories/27181
http://secunia.com/advisories/27222
http://secunia.com/advisories/27832
http://secunia.com/advisories/31670
http://security.gentoo.org/glsa/glsa-200607-03.xml
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
http://www.debian.org/security/2006/dsa-1091 Patch Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2006:102
http://www.redhat.com/support/errata/RHSA-2008-0848.html
http://www.securityfocus.com/bid/18331
http://www.vupen.com/english/advisories/2006/2197
http://www.vupen.com/english/advisories/2007/3486
http://www.vupen.com/english/advisories/2007/4034
https://exchange.xforce.ibmcloud.com/vulnerabilities/26991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788
https://usn.ubuntu.com/289-1/
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2006-06-08T19:00:00

Updated: 2018-10-03T20:57:01

Reserved: 2006-05-04T00:00:00

Link: CVE-2006-2193

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2006-06-08T19:06:00.000

Modified: 2018-10-03T21:40:33.023

Link: CVE-2006-2193

JSON object: View

cve-icon Redhat Information

No data.

CWE