CVE-2006-2193 – tiff2pdf buffer overflow
https://notcve.org/view.php?id=CVE-2006-2193
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=370355 http://bugzilla.remotesensing.org/show_bug.cgi?id=1196 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html http://secunia.com/advisories/20488 http://secunia.com/advisories/20501 http://secunia.com/advisories/20520 http://secunia.com/advisories/20693 http://secunia.com/advisories/20766 http://secunia.com/advisories/21002 http://secunia.com/advisories/27181 http://secunia.com/advisories/27222 http: •
CVE-2006-2656 – tiffsplit (libtiff 3.8.2) - Local Stack Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-2656
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE. Desbordamiento de búfer basado en pila en el comando tiffsplit en libtiff 3.8.2 y versiones anteriores podría permitir a atacantes ejecutar código arbitrario a través de un nombre de archivo largo. NOTA: tiffsplit no es setuid. • https://www.exploit-db.com/exploits/1831 http://lists.suse.com/archive/suse-security-announce/2006-Jun/0008.html http://marc.info/?l=vuln-dev&m=114857412916909&w=2 http://secunia.com/advisories/20501 http://secunia.com/advisories/20520 http://secunia.com/advisories/20766 http://secunia.com/advisories/21002 http://security.gentoo.org/glsa/glsa-200607-03.xml http://www.debian.org/security/2006/dsa-1091 http://www.mandriva.com/security/advisories?name=MDKSA-2006:095 ht • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-2120
https://notcve.org/view.php?id=CVE-2006-2120
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. • ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://bugzilla.remotesensing.org/show_bug.cgi?id=1065 http://secunia.com/advisories/19936 http://secunia.com/advisories/19949 http://secunia.com/advisories/19964 http://secunia.com/advisories/20023 http://secunia.com/advisories/20210 http://secunia.com/advisories/20330 http://secunia.com/advisories/20667 http://support.avaya.com/elmodocs2/security/ASA-2006-119.htm http://www.debian.org/security/2006/ •
CVE-2006-2024 – LibTiff 3.x - Multiple Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2024
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c. • https://www.exploit-db.com/exploits/27762 ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 http://secunia.com/advisories/19838 http://secunia.com/advisories/19851 http://secunia.com/advisories/19897 http://secunia.com/advisories/19936 http://secunia.com/advisories/19949 http://secunia.com/advisories/19964 http://secunia.com/advisories/20021 http://secunia.com/advisories/20023 http://secunia.com •
CVE-2006-2025 – LibTiff 3.x - TIFFFetchData Integer Overflow
https://notcve.org/view.php?id=CVE-2006-2025
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image. • https://www.exploit-db.com/exploits/27764 ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 http://secunia.com/advisories/19838 http://secunia.com/advisories/19897 http://secunia.com/advisories/19936 http://secunia.com/advisories/19949 http://secunia.com/advisories/19964 http://secunia.com/advisories/20021 http://secunia.com/advisories/20023 http://secunia.com/advisories/20210 http://secunia.com •