Date: Mon, 21 Nov 2016 06:43:48 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Hi, On Fri, Nov 11, 2016 at 10:57:56PM +0200, Henri Salo wrote: > Please assign CVE identifier for LibTIFF tiffcrop heap buffer overflow via > writeBufferToSeparateStrips, thanks. > > Reported in: http://bugzilla.maptools.org/show_bug.cgi?id=2592 > > Fixed per: > > 2016-11-11 Even Rouault <even.rouault at spatialys.com> > > * tools/tiffcrop.c: fix multiple uint32 overflows in > writeBufferToSeparateStrips(), writeBufferToContigTiles() and > writeBufferToSeparateTiles() that could cause heap buffer overflows. > Reported by Henri Salo from Nixu Corporation. > Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592 > > > /cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog > new revision: 1.1152; previous revision: 1.1151 > /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c > new revision: 1.43; previous revision: 1.42 FTR, this was included in the 4.0.7 release of LibTIFF. Although it is only in the tools part, this might still need a CVE if appropriate to identify the issue. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ