Date: Wed, 30 Jun 2010 15:49:10 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: coley <coley@...re.org> Subject: Re: CVE requests: LibTIFF ----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote: > There are three issues that I think are CVE-worthy and have not been > assigned: Thanks for the help Dan. Here goes: > > 1. OOB read in TIFFExtractData() leading to crash (no reference, > originally disclosed by me in this thread, fixed upstream with > release > 3.9.4 and security fix backported by Ubuntu). CVE-2010-2481 > > 2. NULL pointer dereference due to invalid td_stripbytecount leading > to crash (distinct from CVE-2010-2443). The upstream changelog entry > for 3.9.4 reads: > > * libtiff/tif_ojpeg.c (OJPEGReadBufferFill): Report an error and > avoid a crash if the input file is so broken that the strip > offsets are not defined. CVE-2010-2482 > > 3. OOB read in TIFFRGBAImageGet() leading to crash. Reference: > https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605 CVE-2010-2483 Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ