Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Apr 2016 23:26:13 -0500
From: Jodie Cunningham <>
Subject: Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6

On Tue, Apr 26, 2016 at 10:36 PM, PXO炳林 <> wrote:
> Hello oss-security,
> I did some test and found three bugs refer to buffer overflow: one stack
> buffer overflow in thumbnail and two buffer overflows in bmp2tiff.
> Please let me know whether CVE Identifier number could be assigned.
> Overview:
> Running each poc file crashes thumbnail and bmp2tiff made with
> AddressSanitizer in tiff-4.0.6. I have attached poc and log files .
> ------------------
> From Debug_Orz

Is there a patch upstream?

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ