Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 30 Jun 2010 15:49:10 -0400 (EDT)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE requests: LibTIFF

----- "Dan Rosenberg" <> wrote:

> There are three issues that I think are CVE-worthy and have not been
> assigned:

Thanks for the help Dan. Here goes:

> 1.  OOB read in TIFFExtractData() leading to crash (no reference,
> originally disclosed by me in this thread, fixed upstream with
> release
> 3.9.4 and security fix backported by Ubuntu).


> 2.  NULL pointer dereference due to invalid td_stripbytecount leading
> to crash (distinct from CVE-2010-2443).  The upstream changelog entry
> for 3.9.4 reads:
> 	* libtiff/tif_ojpeg.c (OJPEGReadBufferFill): Report an error and
> 	avoid a crash if the input file is so broken that the strip
> 	offsets are not defined.


> 3.  OOB read in TIFFRGBAImageGet() leading to crash.  Reference:




Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ