Bug 194362 - (CVE-2006-2193) CVE-2006-2193 tiff2pdf buffer overflow
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: low
Assigned To: Tom Lane
Whiteboard: impact=low,public=20060607,reported=2...
Keywords: Reopened, Security
Depends On: 458814 458815
Reported: 2006-06-07 11:15 EDT by Josh Bressers
Modified: 2013-07-02 23:09 EDT

Doc Type: Bug Fix
Last Closed: 2009-01-09 04:40:09 EST


Description Josh Bressers 2006-06-07 11:15:54 EDT
tiff2pdf buffer overflow

A buffer overflow flaw has been found in tiff2pdf.
Thomas Biege told vendor-sec about this (it came from a colleague of
his)

The code in question is as such:

char buffer[5];
...
sprintf(buffer, "\\%.3o", pdfstr[i]);


pdfstr[i] is signed char, therefore would write \37777777741
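
The sign extension described in the report above, as an added example that is not part of the original bug report or of libtiff's code: it measures how many bytes the reported format call needs for a negative char and shows one bounded variant that reduces the value to a single byte first. The helper names are hypothetical and a 32-bit int is assumed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; assumes a 32-bit int, as in the report. */

/* Bytes (including the NUL) that sprintf(buffer, "\\%.3o", c) needs when c
   is a signed char. The promotion to int and its reinterpretation by %o as
   unsigned are written out as casts; snprintf(NULL, 0, ...) only measures,
   so nothing is written out of bounds here. */
static int escape_len_signed(signed char c)
{
    unsigned int promoted = (unsigned int)(int)c;   /* -31 -> 0xFFFFFFE1 */
    return snprintf(NULL, 0, "\\%.3o", promoted) + 1;
}

/* Hardened form: reduce the value to one byte before formatting and bound
   the write. Returns 0 on success, -1 if the escape did not fit. */
static int escape_byte(char *out, size_t outsz, char c)
{
    int n = snprintf(out, outsz, "\\%.3o", (unsigned int)(unsigned char)c);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char buffer[5];                       /* same size as in the report */
    const signed char samples[] = { 'A', 0x7f, -31 };   /* constructed input */

    for (size_t i = 0; i < sizeof samples; i++) {
        int need = escape_len_signed(samples[i]);
        int rc = escape_byte(buffer, sizeof buffer, (char)samples[i]);
        printf("value %4d: unchecked call needs %2d bytes (%s); bounded: %s\n",
               samples[i], need,
               need > (int)sizeof buffer ? "overflows buffer[5]" : "fits",
               rc == 0 ? buffer : "rejected");
    }
    return 0;
}
```
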
Comment 3 Jindrich Novy 2006-09-05 08:54:54 EDT
Fixed since libtiff-3.8.2-6.fc6
Comment 5 Fedora Update System 2006-09-05 10:26:33 EDT
libtiff-3.8.2-1.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.
Comment 6 Mark J. Cox (Product Security) 2007-08-21 07:20:49 EDT
moving to security response product -- should we decide to fix this in a future
update we'll create the appropriate tracking bugs with flags for rhel4.
Comment 8 Red Hat Product Security 2009-01-09 04:40:09 EST
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0848.html
