Date: Fri, 25 Dec 2015 22:10:58 -0500 (EST)
From: cve-assign@...re.org
To: zuozhi.fzz@...baba-inc.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request libtiff: out-of-bounds read in CIE Lab image format

> If the data of image is packed ... a pixel only owns one byte. But in
> the implementation of putcontig8bitCIELab, it eats 3 bytes per pixel.
> This will lead to an out-of-bounds read

> tif_getimage.c, libtiff v4.0.6

> DECLAREContigPutFunc(putcontig8bitCIELab)

Use CVE-2015-8683.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
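The mismatch described in the quoted report (a reader that consumes 3 bytes per pixel while the row holds 1 byte per pixel) can be caught with a check before the row is read. The following is an added example, not libtiff's code or its fix; the function names, the parameters and the packed output format are assumptions, and the Lab-to-RGB conversion is omitted.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical simplified model of a contiguous "put" routine for 8-bit
 * CIE Lab data. Names and layout are assumptions, not libtiff's API. */
enum { LAB_SAMPLES = 3 };   /* L, a, b: the 3 bytes the reader consumes per pixel */

/* Returns 0 and fills out[] (one packed 0x00LLaabb word per pixel) when the
 * source row really holds at least 3 samples per pixel; returns -1 without
 * reading anything when it does not. */
int put_lab_row_checked(uint32_t *out, const uint8_t *src, size_t src_len,
                        size_t width, unsigned samples_per_pixel)
{
    /* The loop strides by samples_per_pixel but dereferences 3 bytes,
     * so fewer than 3 samples per pixel can never be valid input. */
    if (samples_per_pixel < LAB_SAMPLES)
        return -1;
    /* Overflow-safe form of: width * samples_per_pixel <= src_len */
    if (width != 0 && src_len / width < samples_per_pixel)
        return -1;

    for (size_t x = 0; x < width; x++) {
        const uint8_t *pp = src + x * samples_per_pixel;
        out[x] = ((uint32_t)pp[0] << 16) | ((uint32_t)pp[1] << 8) | pp[2];
    }
    return 0;
}

/* Constructed input: a 4-pixel row that holds only 1 byte per pixel. */
int demo_short_row(unsigned claimed_samples_per_pixel)
{
    static const uint8_t row[4] = {10, 20, 30, 40};
    uint32_t out[4] = {0};
    return put_lab_row_checked(out, row, sizeof row, 4,
                               claimed_samples_per_pixel);
}

/* Constructed input: a 2-pixel row with 3 bytes per pixel. */
uint32_t demo_full_row(void)
{
    static const uint8_t row[6] = {1, 2, 3, 4, 5, 6};
    uint32_t out[2] = {0};
    if (put_lab_row_checked(out, row, sizeof row, 2, 3) != 0)
        return 0;
    return out[1];
}
```

The second check matters when the image metadata claims 3 samples per pixel but the decoded row is shorter than that claim implies.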
