7.5

CVE-2006-2193

Exploit
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibtiffLibtiff Version <= 3.8.2
LibtiffLibtiff Version3.4
LibtiffLibtiff Version3.5.1
LibtiffLibtiff Version3.5.2
LibtiffLibtiff Version3.5.3
LibtiffLibtiff Version3.5.4
LibtiffLibtiff Version3.5.5
LibtiffLibtiff Version3.5.6
LibtiffLibtiff Version3.5.7
LibtiffLibtiff Version3.6.0
LibtiffLibtiff Version3.6.1
LibtiffLibtiff Version3.7.0
LibtiffLibtiff Version3.7.1
LibtiffLibtiff Version3.8.0
LibtiffLibtiff Version3.8.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.46% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html
http://secunia.com/advisories/20501
http://secunia.com/advisories/20520
http://secunia.com/advisories/20766
http://secunia.com/advisories/21002
http://security.gentoo.org/glsa/glsa-200607-03.xml
http://www.debian.org/security/2006/dsa-1091
Patch
Vendor Advisory
https://usn.ubuntu.com/289-1/
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355
http://bugzilla.remotesensing.org/show_bug.cgi?id=1196
Patch
Exploit
http://secunia.com/advisories/20488
Patch
Vendor Advisory
http://secunia.com/advisories/20693
http://secunia.com/advisories/27181
http://secunia.com/advisories/27222
http://secunia.com/advisories/27832
http://secunia.com/advisories/31670
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103160-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201331-1
http://www.mandriva.com/security/advisories?name=MDKSA-2006:102
http://www.redhat.com/support/errata/RHSA-2008-0848.html
http://www.securityfocus.com/bid/18331
http://www.vupen.com/english/advisories/2006/2197
http://www.vupen.com/english/advisories/2007/3486
http://www.vupen.com/english/advisories/2007/4034
https://exchange.xforce.ibmcloud.com/vulnerabilities/26991
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9788