CVE-2006-2193 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-2193
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-2193

Description: Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/26991 UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-289-1 SUSE http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 SAID Secunia Advisory: SA20520 Secunia Advisory: SA20488 Secunia Advisory: SA20501 Secunia Advisory: SA20693 Secunia Advisory: SA20766 Secunia Advisory: SA21002 Secunia Advisory: SA27181 Secunia Advisory: SA27222 Secunia Advisory: SA27832 Secunia Advisory: SA31670 REDHAT http://www.redhat.com/support/errata/RHSA-2008-0848.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 GENTOO http://security.gentoo.org/glsa/glsa-200607-03.xml DEBIAN http://www.debian.org/security/2006/dsa-1091 CONFIRM http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355 BID 18331

Return to the previous page.