Date: Wed, 29 Jun 2016 14:08:14 +0200 From: Mathias Svensson <idolf@...gle.com> To: oss-security@...ts.openwall.com Subject: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format Hello oss-security, I would like to request a CVE number for a heap-based buffer overflow in LibTIFF in the file libtiff/tif_pixarlog.c. The vulnerability allows an attacker to control the size of the allocated heap-buffer while independently controlling the data to be written to the buffer with no restrictions on the size of the written data. The bug seems to be at least superficially related to CVE-2012-4447, however this vulnerability seems to be a separate issue and not just a case of an insufficient fix. The issue is fixed in CVS HEAD with the commit: revision 1.44 date: 2016-06-28 17:12:19 +0200; author: erouault; state: Exp; lines: +9 -1; commitid: 2SqWSFG5a8Ewffcz; * libtiff/tif_pixarlog.c: fix potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images (reported by Mathias Svensson) Kind regards, Mathias Svensson, Google Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ