Date: Wed, 30 Jun 2010 15:49:10 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE requests: LibTIFF

----- "Dan Rosenberg" <dan.j.rosenberg@...il.com> wrote:

> There are three issues that I think are CVE-worthy and have not been
> assigned:

Thanks for the help Dan. Here goes:

> 
> 1.  OOB read in TIFFExtractData() leading to crash (no reference,
> originally disclosed by me in this thread, fixed upstream with release
> 3.9.4 and security fix backported by Ubuntu).

CVE-2010-2481

> 
> 2.  NULL pointer dereference due to invalid td_stripbytecount leading
> to crash (distinct from CVE-2010-2443).  The upstream changelog entry
> for 3.9.4 reads:
> 
> 	* libtiff/tif_ojpeg.c (OJPEGReadBufferFill): Report an error and
> 	avoid a crash if the input file is so broken that the strip
> 	offsets are not defined.

CVE-2010-2482

> 
> 3.  OOB read in TIFFRGBAImageGet() leading to crash.  Reference:
> https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605

CVE-2010-2483

Thanks.

-- 
    JB
