Bug 194362 (CVE-2006-2193) - CVE-2006-2193 tiff2pdf buffer overflow
Summary: CVE-2006-2193 tiff2pdf buffer overflow
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2006-2193
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
Assignee: Tom Lane
QA Contact:
URL:
Whiteboard:
Depends On: 458814 458815
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-06-07 15:15 UTC by Josh Bressers
Modified: 2021-11-12 19:32 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-09 09:40:09 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2008:0848 0 normal SHIPPED_LIVE Important: libtiff security and bug fix update 2008-08-28 22:23:55 UTC

Description Josh Bressers 2006-06-07 15:15:54 UTC
tiff2pdf buffer overflow

A buffer overflow flaw has been found in tiff2pdf.
Thomas Biege told vendor-sec about this (it came from a colleague of
his)

The code in question is as such:

char buffer[5];
...
sprintf(buffer, "\\%.3o", pdfstr[i]);


pdfstr[i] is signed char, therefore would write \37777777741

Comment 3 Jindrich Novy 2006-09-05 12:54:54 UTC
Fixed since libtiff-3.8.2-6.fc6

Comment 5 Fedora Update System 2006-09-05 14:26:33 UTC
libtiff-3.8.2-1.fc5 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 6 Mark J. Cox 2007-08-21 11:20:49 UTC
moving to security response product -- should we decide to fix this in a future
update we'll create the appropriate tracking bugs with flags for rhel4.

Comment 8 Red Hat Product Security 2009-01-09 09:40:09 UTC
This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0848.html


Note You need to log in before you can comment on or make changes to this bug.