Date: Mon, 21 Nov 2016 06:43:48 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips

Hi,

On Fri, Nov 11, 2016 at 10:57:56PM +0200, Henri Salo wrote:
> Please assign CVE identifier for LibTIFF tiffcrop heap buffer overflow via
> writeBufferToSeparateStrips, thanks.
> 
> Reported in: http://bugzilla.maptools.org/show_bug.cgi?id=2592
> 
> Fixed per:
> 
> 2016-11-11 Even Rouault <even.rouault at spatialys.com>
> 
>         * tools/tiffcrop.c: fix multiple uint32 overflows in
>         writeBufferToSeparateStrips(), writeBufferToContigTiles() and
>         writeBufferToSeparateTiles() that could cause heap buffer overflows.
>         Reported by Henri Salo from Nixu Corporation.
>         Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592
> 
> 
> /cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
> new revision: 1.1152; previous revision: 1.1151
> /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
> new revision: 1.43; previous revision: 1.42

FTR, this was included in the 4.0.7 release of LibTIFF.

Although it is only in the tools part, this might still need a CVE if
appropriate to identify the issue.

Regards,
Salvatore
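The ChangeLog entry quoted above describes the bug class, a strip or tile buffer size computed in uint32 arithmetic that wraps so the allocation is far smaller than the data later written into it, without showing it. The following is an added, self-contained C illustration of that class written for this page; it is not libtiff's tiffcrop.c, and the function names (strip_size_unchecked, strip_size_checked, strip_alloc_shortfall, write_strip_hardened), the made-up geometry and the constructed inputs are all assumptions, not code or values from the report.

```c
/* Added example for this page, not libtiff code: a 32-bit size computation
 * that wraps, beside the overflow-checked form a hardened writer should use.
 * All names and the sample geometries below are made up for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Vulnerable pattern: width * rows * bytes-per-pixel evaluated in uint32.
 * Unsigned wraparound is well defined, so this silently returns a small
 * number for a huge strip and a caller will malloc() that small number. */
uint32_t strip_size_unchecked(uint32_t width, uint32_t rows, uint32_t bpp)
{
    return width * rows * bpp;
}

/* Hardened pattern: multiply in 64 bits, one factor at a time, and refuse
 * anything that does not fit the 32-bit size the format uses.
 * Returns 1 and stores the size in *out (if out != NULL), or 0 on overflow. */
int strip_size_checked(uint32_t width, uint32_t rows, uint32_t bpp, uint32_t *out)
{
    uint64_t n = (uint64_t)width * rows;      /* <= (2^32-1)^2, fits in 64 bits */
    if (n > UINT32_MAX)
        return 0;
    n *= bpp;                                  /* n <= 2^32-1, so still fits */
    if (n > UINT32_MAX)
        return 0;
    if (out)
        *out = (uint32_t)n;
    return 1;
}

/* How many bytes a writer that trusts strip_size_unchecked() would run past
 * the end of its buffer: true size minus wrapped size, 0 when nothing wraps.
 * Assumes the 64-bit product itself does not wrap, which holds for any
 * geometry a process could actually hold in memory. */
uint64_t strip_alloc_shortfall(uint32_t width, uint32_t rows, uint32_t bpp)
{
    uint64_t need = (uint64_t)width * rows * bpp;
    uint64_t got = strip_size_unchecked(width, rows, bpp);
    return need > got ? need - got : 0;
}

/* What a strip writer should do: size the buffer with the checked helper and
 * bail out before allocating. Returns 0 on success, -1 if the geometry does
 * not fit, so no undersized heap buffer is ever handed to the copy loop. */
int write_strip_hardened(uint32_t width, uint32_t rows, uint32_t bpp)
{
    uint32_t need;
    unsigned char *buf;

    if (!strip_size_checked(width, rows, bpp, &need) || need == 0)
        return -1;
    buf = malloc(need);
    if (!buf)
        return -1;
    memset(buf, 0, need);   /* stand-in for copying the strip's pixel data */
    free(buf);
    return 0;
}

int main(void)
{
    /* Constructed hostile geometry: 65536 x 65537 x 1 = 2^32 + 65536 bytes,
     * which wraps to 65536 in uint32. A sane 640 x 480 x 3 image for contrast. */
    uint32_t sz;

    printf("hostile: unchecked size %u, shortfall %llu bytes, checked=%d\n",
           strip_size_unchecked(65536u, 65537u, 1u),
           (unsigned long long)strip_alloc_shortfall(65536u, 65537u, 1u),
           strip_size_checked(65536u, 65537u, 1u, &sz));
    printf("sane:    unchecked size %u, checked=%d size %u\n",
           strip_size_unchecked(640u, 480u, 3u),
           strip_size_checked(640u, 480u, 3u, &sz), sz);
    printf("hardened writer: hostile=%d sane=%d\n",
           write_strip_hardened(65536u, 65537u, 1u),
           write_strip_hardened(640u, 480u, 3u));
    return 0;
}
```

The point of checking factor by factor in a wider type is that every intermediate result is provably bounded; casting the final 32-bit product to 64 bits after the fact would check nothing, because the wrap has already happened.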
