PT-2006-1037 · Libtiff+1 · Libtiff+1

Martin Pitt

Published

2006-06-08

Updated

2018-10-03

CVE-2006-2193

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: libtiff versions 3.8.2 and earlier libtiff versions 3.6.1 and earlier

Description: The issue is related to a buffer overflow in the t2p write pdf string function in tiff2pdf, which can be triggered by a TIFF file with a DocumentName tag containing UTF-8 characters. This can cause a denial of service (crash) and possibly allow the execution of arbitrary code. The vulnerability can be exploited remotely, potentially leading to a violation of confidentiality, integrity, and availability of protected information.

Recommendations: For libtiff versions 3.8.2 and earlier, update to a version later than 3.8.2 to resolve the issue. For libtiff versions 3.6.1 and earlier, update to a version later than 3.6.1 to resolve the issue. As a temporary workaround, consider restricting access to TIFF files with UTF-8 characters in the DocumentName tag to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-06337

BDU:2015-06343

BDU:2015-07390

BDU:2015-07391

BDU:2015-08353

BDU:2015-08354

BDU:2015-09506

CVE-2006-2193

DSA-1091-1

RHSA-2008:0848

RHSA-2008_0848

Affected Products

Red Hat

Libtiff

PT-2006-1037 · Libtiff+1 · Libtiff+1

CVE-2006-2193

Related Identifiers

Affected Products

References · 45