Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 8 Aug 2013 05:42:15 -0400 (EDT)
From: Jan Lieskovsky <>
Cc: "Steven M. Christey" <>,
        Pedro Ribeiro <>,
        Frank Warmerdam <>
Subject: CVE Request -- Four (stack-based) buffer overflows and one
 use-after-free in libtiff v4.0.3 reported by Pedro Ribeiro

Hello Kurt, Steve, vendors,

  Pedro Ribeiro has recently reported the following five security
flaws being present in the tools of TIFF library:

While they are present in the tools (=> not that urgent like they
would be in the library itself), there's been CVE ids assigned
in the past for TIFF library tools issues too. To mention some examples:

Since there doesn't seem to be CVE identifiers assigned for these
[1] issues yet, could you allocate them?

FWIW regarding the patches and upstream bugs - if my information
is up2date, there aren't upstream bugs and patches for these issues

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ