Date: Wed, 27 Apr 2016 11:36:32 +0800
From: "PXO炳林" <271193918@...com>
To: "oss-security" <oss-security@...ts.openwall.com>
Subject: 3 bugs refer to buffer overflow in libtiff 4.0.6

Hello oss-security,


I did some tests and found three bugs related to buffer overflows: one stack buffer overflow in thumbnail and two buffer overflows in bmp2tiff.


Please let me know whether a CVE identifier could be assigned.


Overview:


Running each poc file crashes thumbnail and bmp2tiff made with AddressSanitizer in tiff-4.0.6. I have attached poc and log files.


Steps to Reproduce:


1) Download the source code of tiff-4.0.6 from url (http://download.osgeo.org/libtiff/tiff-4.0.6.tar.gz) and compile it with gcc AddressSanitizer
2) cd to the directory where the bmp2tiff with ASan is and put a poc there
3) Run a poc file with bmp2tiff made with AddressSanitizer (ASan) in tiff-4.0.6
4) e.g.: ./bmp2tiff ./crashes/poc_745.bmp 1.tiff; ./bmp2tiff ./crashes/poc_775.bmp 1.tiff


Actual Results: The applications thumbnail and bmp2tiff 4.0.6 crashed after running the poc. ASan detects the crashes.



------------------
From Debug_Orz
[ CONTENT OF TYPE application/octet-stream SKIPPED ]