Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-2193

Published: 08/06/2006 Updated: 03/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Libtiff

Vulnerability Summary

Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and previous versions allows malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

Vulnerable Product Search on Vulmon Subscribe to Product

libtiff libtiff 3.4

libtiff libtiff 3.5.7

libtiff libtiff 3.6.0

libtiff libtiff 3.5.1

libtiff libtiff 3.5.2

libtiff libtiff 3.6.1

libtiff libtiff 3.7.0

libtiff libtiff 3.5.5

libtiff libtiff 3.5.6

libtiff libtiff 3.8.1

libtiff libtiff

libtiff libtiff 3.5.3

libtiff libtiff 3.5.4

libtiff libtiff 3.7.1

libtiff libtiff 3.8.0

Vendor Advisories

Debian CVElist Bug Report Logs: libtiff-tools: tiff2pdf segfault
Debian Bug report logs - #370355 libtiff-tools: tiff2pdf segfault Package: libtiff-tools; Maintainer for libtiff-tools is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for libtiff-tools is src:tiff (PTS, buildd, popcon) Reported by: gpe92 <gpe92@freefr> Date: Sun, 4 Jun 2006 19:18:24 UTC Severity: important Ta ...
Ubuntu Security Notice: tiff vulnerabilities
A buffer overflow has been found in the tiff2pdf utility By tricking an user into processing a specially crafted TIF file with tiff2pdf, this could potentially be exploited to execute arbitrary code with the privileges of the user (CVE-2006-2193) ...
Debian Security Advisories: DSA-1091-1 tiff -- buffer overflows
Several problems have been discovered in the TIFF library The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2006-2193 SuSE discovered a buffer overflow in the conversion of TIFF files into PDF documents which could be exploited when tiff2pdf is used eg in a printer filter CVE-2006-2656 The ti ...

References

NVD-CWE-Otherhttp://bugzilla.remotesensing.org/show_bug.cgi?id=1196http://www.debian.org/security/2006/dsa-1091http://secunia.com/advisories/20488http://secunia.com/advisories/20501http://secunia.com/advisories/20520http://www.securityfocus.com/bid/18331http://secunia.com/advisories/20693http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.htmlhttp://secunia.com/advisories/20766http://security.gentoo.org/glsa/glsa-200607-03.xmlhttp://secunia.com/advisories/21002http://www.mandriva.com/security/advisories?name=MDKSA-2006:102http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1http://secunia.com/advisories/27181http://secunia.com/advisories/27222http://secunia.com/advisories/27832http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1http://www.redhat.com/support/errata/RHSA-2008-0848.htmlhttp://secunia.com/advisories/31670http://www.vupen.com/english/advisories/2007/4034http://www.vupen.com/english/advisories/2006/2197http://www.vupen.com/english/advisories/2007/3486http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355https://exchange.xforce.ibmcloud.com/vulnerabilities/26991https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788https://usn.ubuntu.com/289-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355https://nvd.nist.govhttps://usn.ubuntu.com/289-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook