Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Libtiff
  • Libtiff
Redhat
  • Enterprise Linux

Configuration 1 [-]

OR cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.4:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.5:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.6:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.5.7:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.8.0:*:*:*:*:*:*:*
cpe:2.3:a:libtiff:libtiff:3.8.1:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 4
libtiff-0:3.6.1-12.el4_7.2 cpe:/o:redhat:enterprise_linux:4 RHSA-2008:0848 2008-08-28T00:00:00Z
References
Link Providers
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355 cve-icon cve-icon
http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 cve-icon cve-icon
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html cve-icon cve-icon
http://secunia.com/advisories/20488 cve-icon cve-icon
http://secunia.com/advisories/20501 cve-icon cve-icon
http://secunia.com/advisories/20520 cve-icon cve-icon
http://secunia.com/advisories/20693 cve-icon cve-icon
http://secunia.com/advisories/20766 cve-icon cve-icon
http://secunia.com/advisories/21002 cve-icon cve-icon
http://secunia.com/advisories/27181 cve-icon cve-icon
http://secunia.com/advisories/27222 cve-icon cve-icon
http://secunia.com/advisories/27832 cve-icon cve-icon
http://secunia.com/advisories/31670 cve-icon cve-icon
http://security.gentoo.org/glsa/glsa-200607-03.xml cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-1091 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0848.html cve-icon cve-icon
http://www.securityfocus.com/bid/18331 cve-icon cve-icon
http://www.vupen.com/english/advisories/2006/2197 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3486 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/4034 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/26991 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-2193 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788 cve-icon cve-icon
https://usn.ubuntu.com/289-1/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-2193 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: debian

Published: 2006-06-08T19:00:00

Updated: 2024-08-07T17:43:27.935Z

Reserved: 2006-05-04T00:00:00

Link: CVE-2006-2193

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-06-08T19:06:00.000

Modified: 2018-10-03T21:40:33.023

Link: CVE-2006-2193

cve-icon Redhat

Severity : Low

Publid Date: 2006-06-07T00:00:00Z

Links: CVE-2006-2193 - Bugzilla