National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2006-2193 Detail

Description

Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

Source:  MITRE      Last Modified:  06/08/2006

Quick Info

CVE Dictionary Entry:
CVE-2006-2193
Original release date:
06/08/2006
Last revised:
10/10/2017
Source:
US-CERT/NIST

Impact

CVSS Severity (version 2.0):
CVSS v2 Base Score:
7.5 HIGH
Vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
6.4
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector:
Network exploitable
Access Complexity:
Low
Authentication:
Not required to exploit
Impact Type:
Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

Vendor Statements (disclaimer)

Official Statement from Red Hat (09/02/2008)

This issue does not affect Red Hat Enterprise Linux 2.1 and 3 This issue was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2008-0848.html Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource Type Source Name
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355 External Source CONFIRM http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355
http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 Exploit; Patch External Source CONFIRM http://bugzilla.remotesensing.org/show_bug.cgi?id=1196
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html External Source SUSE SUSE-SR:2006:014
http://security.gentoo.org/glsa/glsa-200607-03.xml External Source GENTOO GLSA-200607-03
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1 External Source SUNALERT 103160
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1 External Source SUNALERT 201331
http://www.debian.org/security/2006/dsa-1091 Patch; Vendor Advisory External Source DEBIAN DSA-1091
http://www.mandriva.com/security/advisories?name=MDKSA-2006:102 External Source MANDRIVA MDKSA-2006:102
http://www.redhat.com/support/errata/RHSA-2008-0848.html External Source REDHAT RHSA-2008:0848
http://www.securityfocus.com/bid/18331 External Source BID 18331
http://www.ubuntulinux.org/support/documentation/usn/usn-289-1 External Source UBUNTU USN-289-1
http://www.vupen.com/english/advisories/2006/2197 External Source VUPEN ADV-2006-2197
http://www.vupen.com/english/advisories/2007/3486 External Source VUPEN ADV-2007-3486
http://www.vupen.com/english/advisories/2007/4034 External Source VUPEN ADV-2007-4034
https://exchange.xforce.ibmcloud.com/vulnerabilities/26991 External Source XF libtiff-tiff2pdf-bo(26991)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788 External Source OVAL oval:org.mitre.oval:def:9788

References to Check Content

Identifier:
oval:org.mitre.oval:def:9788
Check System:
http://oval.mitre.org/XMLSchema/oval-definitions-5
Hyperlink:
http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9788

Technical Details

Vulnerability Type (View All)

Change History 4 change records found - show changes