Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 1 Jul 2009 08:01:21 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com, oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- libtiff [was: Re: 
 libtiff buffer underflow in LZWDecodeCompat]


======================================================
Name: CVE-2009-2285
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
Reference: MLIST:[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/22/1
Reference: MLIST:[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/23/1
Reference: MLIST:[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/29/5
Reference: MISC:http://www.lan.st/showthread.php?t=1856&page=3
Reference: CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2065
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149

Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service
(crash) via a crafted TIFF image, a different vulnerability than
CVE-2008-2327.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.