Date: Sun, 1 Jan 2017 19:20:54 -0500 From: Leo Famulari <leo@...ulari.name> To: oss-security@...ts.openwall.com Subject: Re: libtiff: multiple divide-by-zero On Sun, Jan 01, 2017 at 04:46:12PM +0100, Agostino Sarubbo wrote: > Description: > Libtiff is a software that provides support for the Tag Image File Format > (TIFF), a widely used format for storing image data. > > Some crafted images, through a fuzzing revealed multiple division by zero. > Since the number of the issues, I will post the relevant part of the > stacktrace. > > Affected version / Tested on: > 4.0.7 > Fixed version: > N/A > Commit fix: > https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1 Do you know if this repository has any relationship to the libtiff project? It describes itself like this: "Unofficial mirror of libtiff cvs repository at cvs.maptools.org created and updated using "git cvsimport"? Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ