Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 25 Mar 2017 14:57:07 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: libtiff: multiple divide-by-zero

On Sunday 01 January 2017 16:46:12 Agostino Sarubbo wrote:
> Permalink:
> https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero

> # tiffcp $FILE /tmp/foo
> ==12079==ERROR: AddressSanitizer: FPE on unknown address 0x7fd319436251 (pc
> 0x7fd319436251 bp 0x7fff851e3d80 sp 0x7fff851e3d30 T0)
>     #0 0x7fd319436250 in TIFFReadEncodedStrip /tmp/portage/media-
> libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_read.c:351:22

This is CVE-2016-10266
 

> # tiffmedia $FILE /tmp/foo
> ==28106==ERROR: AddressSanitizer: FPE on unknown address 0x7faeae7f744e (pc
> 0x7faeae7f744e bp 0x7ffceab45e40 sp 0x7ffceab45ce0 T0)
>     #0 0x7faeae7f744d in OJPEGDecodeRaw /tmp/portage/media-
> libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_ojpeg.c:816:8

This is CVE-2016-10267

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ