Date: Wed, 27 Apr 2016 11:36:32 +0800
From: "PXO炳林" <271193918@...com>
To: "oss-security" <oss-security@...ts.openwall.com>
Subject: 3 bugs referring to buffer overflow in libtiff 4.0.6

Hello oss-security,

I did some tests and found three bugs related to buffer overflow: one stack buffer overflow in thumbnail and two buffer overflows in bmp2tiff. Please let me know whether a CVE identifier could be assigned.

Overview:
Running each poc file crashes thumbnail and bmp2tiff built with AddressSanitizer in tiff-4.0.6. I have attached the poc and log files.

Steps to Reproduce:
1) Download the source code of tiff-4.0.6 from http://download.osgeo.org/libtiff/tiff-4.0.6.tar.gz and compile it with gcc AddressSanitizer.
2) cd to the directory where the bmp2tiff built with ASan is and put a poc there.
3) Run a poc file with the bmp2tiff built with AddressSanitizer (ASan) in tiff-4.0.6.
4) e.g.: ./bmp2tiff ./crashes/poc_745.bmp 1.tiff; ./bmp2tiff ./crashes/poc_775.bmp 1.tiff

Actual Results:
The applications thumbnail and bmp2tiff 4.0.6 crashed after running the poc. ASan detects the crashes.

------------------
From Debug_Orz

Attachment: "thumbnail_bmp2tiff_pocs_logs.7z" (application/octet-stream, 56644 bytes)
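The report describes running a directory of poc files through an ASan-instrumented bmp2tiff and reading the resulting sanitizer logs. The following POSIX shell script is an added triage helper (not part of the post or of libtiff): `classify_asan_log` reduces an AddressSanitizer report to a one-line signature (error kind, access type and size, top stack frame), and `run_pocs` drives a bmp2tiff-style binary (input file, output file) over every poc in a directory and prints the signatures so duplicate crashes can be grouped before reporting. The embedded sample log is constructed for the demo; the function name `hypothetical_read_row` and the path in it are placeholders, not real libtiff frames.

```shell
#!/bin/sh
# Added example: triage AddressSanitizer logs produced by fuzzed libtiff tools.

# classify_asan_log LOG
# Prints "<error-kind> <ACCESS-size> <function> <location>" from an ASan report.
# Returns 1 (and prints "no-asan-error") when the log holds no ASan ERROR line.
classify_asan_log() {
    log="$1"
    # First token after "ERROR: AddressSanitizer:" is the bug class
    # (e.g. stack-buffer-overflow, heap-buffer-overflow, SEGV).
    kind=$(sed -nE 's/^==[0-9]+==ERROR: AddressSanitizer: ([A-Za-z-]+).*/\1/p' "$log" | head -n 1)
    if [ -z "$kind" ]; then
        echo "no-asan-error"
        return 1
    fi
    # "READ of size N" / "WRITE of size N" tells read vs. write and the width.
    access=$(sed -nE 's/^(READ|WRITE) of size ([0-9]+).*/\1-\2/p' "$log" | head -n 1)
    # Frame #0: "#0 0xADDR in <function> <file:line:col>" is the faulting location.
    frame=$(sed -nE 's/^ *#0 0x[0-9a-f]+ in ([^ ]+) (.*)$/\1 \2/p' "$log" | head -n 1)
    echo "$kind ${access:-unknown} ${frame:-unknown}"
}

# run_pocs BIN POC_DIR
# Runs "BIN <poc> <out.tiff>" for every file in POC_DIR, keeps each stderr as a
# log, and prints one "<signature> <poc-name>" line per poc that tripped ASan.
run_pocs() {
    bin="$1"
    dir="$2"
    logdir=$(mktemp -d)
    for poc in "$dir"/*; do
        [ -f "$poc" ] || continue
        name=$(basename "$poc")
        # detect_leaks=0: leak reports would otherwise mask the overflow signature.
        ASAN_OPTIONS=detect_leaks=0 "$bin" "$poc" "$logdir/$name.tiff" \
            >/dev/null 2>"$logdir/$name.log" || true
        sig=$(classify_asan_log "$logdir/$name.log") || continue
        echo "$sig $name"
    done | sort
    echo "ASan logs kept in $logdir" >&2
}

# demo: classify a constructed ASan report (placeholder frame, not a libtiff frame).
demo() {
    tmp=$(mktemp)
    cat <<'EOF' > "$tmp"
==12345==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd1234 at pc 0x4a1b2c bp 0x7ffd1200 sp 0x7ffd11f8
WRITE of size 4 at 0x7ffd1234 thread T0
    #0 0x4a1b2c in hypothetical_read_row /build/tiff-4.0.6/tools/bmp2tiff.c:123:5
    #1 0x4a0000 in main /build/tiff-4.0.6/tools/bmp2tiff.c:456:9
EOF
    classify_asan_log "$tmp"
    rm -f "$tmp"
}

# Usage: sh asan_triage.sh ./bmp2tiff ./crashes   (no arguments runs the demo)
if [ $# -eq 2 ]; then
    run_pocs "$1" "$2"
elif [ $# -eq 0 ]; then
    demo
fi
```

Grouping by the printed signature (first three fields) separates pocs that hit the same frame from ones that are genuinely distinct bugs, which is the distinction a CVE request like the one above needs to make.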