Date: Thu, 24 Dec 2015 06:36:03 +0000
From: limingxing <limingxing@....cn>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: 黄永刚 <huangyonggang@....cn>
Subject: CVE request --  Out-of-bounds Read in libtiff

Hello, 

We want to report 1 vulnerability in libtiff 4.0.6! 
The issue is in tif_getimage.c, line 1403:

UNROLL8(w, NOP,
            *cp++ = PACK4(pp[0], pp[1], pp[2], pp[3]);
            pp += samplesperpixel);

If samplesperpixel = 3, pp[3] causes an out-of-bounds read!


Could you give us a CVE? Please credit it to: “LMX of Qihoo 360 Codesafe Team”



Best Regards,
Download attachment "poc.zip" of type "application/octet-stream" (228 bytes)
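
Added example, not part of the original message and not libtiff code: a small C model of the reported loop that computes how far a 4-sample read runs past a row whose stride is samplesperpixel, next to one way to guard it. The function names, the PACK4 byte layout and the sample rows are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative 4-sample pack: R | G<<8 | B<<16 | A<<24 (layout is an assumption). */
#define PACK4(r, g, b, a) \
    ((uint32_t)(r) | ((uint32_t)(g) << 8) | ((uint32_t)(b) << 16) | ((uint32_t)(a) << 24))

/* Highest index the reported loop touches: last pixel starts at (w-1)*spp, reads +3. */
static size_t max_index_read(size_t w, size_t spp) { return (w - 1) * spp + 3; }

/* Bytes read past the end of a w*spp-byte row by that loop (0 = in bounds). */
size_t overread_bytes(size_t w, size_t spp)
{
    if (w == 0 || spp == 0)
        return 0;                       /* loop body never runs / no valid row */
    size_t row = w * spp, hi = max_index_read(w, spp);
    return hi >= row ? hi - row + 1 : 0;
}

/* Hypothetical hardened variant: refuses rows that cannot supply 4 samples per pixel. */
int put_rgba_row_checked(uint32_t *cp, const uint8_t *pp, size_t row_len,
                         size_t w, size_t spp)
{
    if (w == 0 || spp < 4 || row_len / spp < w)
        return -1;                      /* caller must choose a 3-sample routine */
    for (size_t x = 0; x < w; x++, pp += spp)
        *cp++ = PACK4(pp[0], pp[1], pp[2], pp[3]);
    return 0;
}

int main(void)
{
    uint8_t rgb[6]  = {1, 2, 3, 4, 5, 6};            /* constructed: 2 px, 3 samples */
    uint8_t rgba[8] = {1, 2, 3, 255, 4, 5, 6, 255};  /* constructed: 2 px, 4 samples */
    uint32_t out[2];

    printf("spp=3 over-read: %zu byte(s)\n", overread_bytes(2, 3));
    printf("spp=3 checked:   %d\n", put_rgba_row_checked(out, rgb, sizeof rgb, 2, 3));
    printf("spp=4 checked:   %d\n", put_rgba_row_checked(out, rgba, sizeof rgba, 2, 4));
    return 0;
}
```

With a stride of 3, every pixel but the last reads the next pixel's first sample as its fourth value, and only the final pixel reads one byte beyond the row, which is why the over-read is a single byte regardless of width.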
