Date: Sun, 21 Jun 2009 17:14:24 -0700
From: Kees Cook <>
Subject: libtiff buffer underflow in LZWDecodeCompat

A crafted TIFF can crash libtiff in LZWDecodeCompat via underflow (different
from CVE-2008-2327).

Based on discussions[1] and a quick analysis[2], I don't think this is
exploitable, but it does lead to crashes in any application using libtiff.
I've reported it upstream[3], with the attached patch.

Has anyone else looked this over?



Kees Cook
Ubuntu Security Team

View attachment "lzw_underflow.patch" of type "text/x-diff" (681 bytes)
