Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Apr 2016 23:26:13 -0500
From: Jodie Cunningham <jodie.cunningham@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6

On Tue, Apr 26, 2016 at 10:36 PM, PXO炳林 <271193918@...com> wrote:
>
> Hello oss-security,
>
> I did some test and found three bugs refer to buffer overflow: one stack
> buffer overflow in thumbnail and two buffer overflows in bmp2tiff.
>
> Please let me know whether CVE Identifier number could be assigned.
>
> Overview:
>
> Running each poc file crashes thumbnail and bmp2tiff made with
> AddressSanitizer in tiff-4.0.6. I have attached poc and log files .
> ------------------
> From Debug_Orz
>


Is there a patch upstream?

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ