Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 Dec 2015 11:37:53 -0500 (EST)
From: cve-assign@...re.org
To: limingxing@....cn
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, huangyonggang@....cn
Subject: Re: CVE request --  Out-of-bounds Read in libtiff

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> We want to report 1 vulnerability in libtiff 4.0.6!
> The issue is about  tif_getimage.c line: 1403
> 
> UNROLL8(w, NOP,
>             *cp++ = PACK4(pp[0], pp[1], pp[2], pp[3]);
>             pp += samplesperpixel);
> 
> if  samplesperpixel = 3 pp[3] cause Out-of-bounds Read

Use CVE-2015-8665.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWfB6qAAoJEL54rhJi8gl5ykkQAJ/DbleEiFDmzK2QUNmZDkuZ
kT7WFzYqcsvTXi0FJfzkTfrNpYwJzS72CNkCjbTpeS24oSvTJ9gAqo7YN3uVe/bw
YdkTa4RTKw3QpRdHOr5/NfKBZuzyAv0WYVwKqonYyTKblLrP11ViDr6Itb7BVDUw
C1NbQ94PS+Tz/pPrrBODrsWtbjBRUnUf6qt3v1ufbxcObIuwsNeMI6VWOwOdGFdv
1urHQ35RHojMD5hicNej2TW8chWWyPDnR2h6uTD2TVvcSQfIy5+Lc0Tcxc9brRN/
5tsEYmG1brj4BN6M6+x7/48D2lgZyNPYl6xRmmf79wfsSo02sm3JKbcsvORvP9YS
XBSoWOlX609kHPNzPPt9g0+3TDoWvaq8hkiJ29fP1v1ZFQASPbLu/wlyZdoVqnZ2
/XTmm657bxOGxake6VT+2SJmoZEuh5cxTQb5Y4/TAd7uK8AW6ARAxwbMltcPLxX9
1DzK3EmPK6X/bGhNlEuEQiRa1G6+o7eKzzlaOciG0vo0UjEaIYrkZO3pgQKanFeZ
8odBAstpXuvJsOwHNz3hAYBLzJ5xjRjTZZPrHcZzELGZZiW07yRKrXEf58ygavno
sh5jakTVnFdMyrJRYumgg5CjtJ+W1ujys14p3hHSIxj0bootrdoa4w9FD7lce64X
fsmM+pCAHv0eIFYhKvr5
=7xPe
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ