Date: Sun, 01 Jan 2017 16:53:34 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: libtiff: assertion failure in readSeparateTilesIntoBuffer (tiffcp.c) Description: Libtiff is a software that provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. A crafted tiff file revealed an assertion failure. The complete output: # tiffcp -i $FILE /tmp/foo tiffcp: /tmp/portage/media- libs/tiff-4.0.7/work/tiff-4.0.7/tools/tiffcp.c:1390: int readSeparateTilesIntoBuffer(TIFF *, uint8 *, uint32, uint32, tsample_t): Assertion `bps % 8 == 0' failed. Affected version: 4.0.7 Fixed version: N/A Commit fix: https://github.com/vadz/libtiff/commit/7ff9652da2eec4c65279dcbc7e55c0418e87bbc8 Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00072-libtiff-assert-readSeparateTilesIntoBuffer Timeline: 2016-11-23: bug discovered and reported to upstream 2016-12-03: upstream released a patch 2017-01-01: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2017/01/01/libtiff-assertion-failure-in-readseparatetilesintobuffer-tiffcp-c -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ