Date: Wed, 29 Jun 2016 10:29:13 -0400 (EDT)
From: cve-assign@...re.org
To: idolf@...gle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format

> heap-based buffer overflow in
> LibTIFF in the file libtiff/tif_pixarlog.c. The vulnerability allows an
> attacker to control the size of the allocated heap-buffer while
> independently controlling the data to be written to the buffer with no
> restrictions on the size of the written data.
> 
> revision 1.44
> date: 2016-06-28 17:12:19 +0200; author: erouault; commitid: 2SqWSFG5a8Ewffcz;
> 
> * libtiff/tif_pixarlog.c: fix potential buffer write overrun in
> PixarLogDecode() on corrupted/unexpected images (reported by Mathias
> Svensson)

Use CVE-2016-5875.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
