Date: Mon, 29 Jun 2009 16:34:07 +0200
From: Jan Lieskovsky <jlieskov@...hat.com>
To: "Steven M. Christey" <coley@...us.mitre.org>
Cc: oss-security@...ts.openwall.com
Subject: CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]

Hello Steve,

could you please allocate a new CVE id for this buffer underwrite flaw?

Thanks && regards,
Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

On Tue, 2009-06-23 at 17:14 -0600, Vincent Danen wrote:
> * [2009-06-21 17:14:24 -0700] Kees Cook wrote:
>
> >A crafted TIFF can crash libtiff in LZWDecodeCompat via underflow (different
> >from CVE-2008-2327).
> >
> >Based on discussions and a quick analysis, I don't think this is
> >exploitable, but it does lead to crashes in any application using libtiff.
> >I've reported it upstream, with the attached patch.
> >
> >Has anyone else looked this over?
> >
> >-Kees
> >
> > http://www.lan.st/showthread.php?t=1856&page=3
> > https://bugs.launchpad.net/bugs/380149
> > http://bugzilla.maptools.org/show_bug.cgi?id=2065
>
> You saw that a new comment was posted to  that points to an earlier
> bug and a different patch, right? Looks like it was just updated today,
> to point to this bug report from January:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1985
>
> Also, that report seems to agree with your quick analysis:
>
> "However, the previous patch does appear to prevent a payload of more than one distinct byte,
> making this effectively useless as a code injection vector. Nonetheless, it
> still is effective at crashing applications that use LibTIFF."
>
> In fact, I think the reporter of that bug was one of the writers in the
> lan.st forum notes you're showing, particularly based on this comment
> where he indicates it isn't exploitable and that he filed a bug:
>
> http://www.lan.st/showpost.php?p=13094&postcount=58