CVE-2006-2193

Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.

Affected Software

Name	Vendor	Start Version	End Version
Libtiff	Libtiff	*	3.8.2 (including)
Libtiff	Libtiff	3.4 (including)	3.4 (including)
Libtiff	Libtiff	3.5.1 (including)	3.5.1 (including)
Libtiff	Libtiff	3.5.2 (including)	3.5.2 (including)
Libtiff	Libtiff	3.5.3 (including)	3.5.3 (including)
Libtiff	Libtiff	3.5.4 (including)	3.5.4 (including)
Libtiff	Libtiff	3.5.5 (including)	3.5.5 (including)
Libtiff	Libtiff	3.5.6 (including)	3.5.6 (including)
Libtiff	Libtiff	3.5.7 (including)	3.5.7 (including)
Libtiff	Libtiff	3.6.0 (including)	3.6.0 (including)
Libtiff	Libtiff	3.6.1 (including)	3.6.1 (including)
Libtiff	Libtiff	3.7.0 (including)	3.7.0 (including)
Libtiff	Libtiff	3.7.1 (including)	3.7.1 (including)
Libtiff	Libtiff	3.8.0 (including)	3.8.0 (including)
Libtiff	Libtiff	3.8.1 (including)	3.8.1 (including)
Red Hat Enterprise Linux 4	RedHat	libtiff-0:3.6.1-12.el4_7.2	*
Tiff	Ubuntu	dapper	*
Tiff	Ubuntu	devel	*
Tiff	Ubuntu	edgy	*
Tiff	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2193
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References