Date: Sun, 21 Jun 2009 17:14:24 -0700
From: Kees Cook <kees@...ntu.com>
To: oss-security@...ts.openwall.com
Subject: libtiff buffer underflow in LZWDecodeCompat

A crafted TIFF can crash libtiff in LZWDecodeCompat via underflow (different
from CVE-2008-2327).

Based on discussions[1] and a quick analysis[2], I don't think this is
exploitable, but it does lead to crashes in any application using libtiff.

I've reported it upstream[3], with the attached patch.

Has anyone else looked this over?

-Kees

[1] http://www.lan.st/showthread.php?t=1856&page=3
[2] https://bugs.launchpad.net/bugs/380149
[3] http://bugzilla.maptools.org/show_bug.cgi?id=2065
--
Kees Cook
Ubuntu Security Team
View attachment "lzw_underflow.patch" of type "text/x-diff" (681 bytes)