Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 Apr 2017 07:04:59 +0000
From: "Agostino Sarubbo" <ago@...too.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE-2017-7593: libtiff: Potential unitialized-memory access from tif_rawdata

http://bugzilla.maptools.org/show_bug.cgi?id=2651 :

It is possible to end up accessing un-intialized memory from tif_rawdata. A
potential fix can be seen at: https://pdfium-review.googlesource.com/c/2150/

#################

Fixed per 

2017-01-11 Even Rouault <even.rouault at spatialys.com>

        * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add_TIFFcalloc()

        * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
        initialize tif_rawdata.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651

--
Agostino Sarubbo
Gentoo Linux Developer


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ