Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 Apr 2017 07:06:05 +0000
From: "Agostino Sarubbo" <ago@...too.org>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
Subject: CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c

http://bugzilla.maptools.org/show_bug.cgi?id=2659 :

In tif_ojpeg.c, in OJPEGReadHeaderInfoSecTablesDcTable, we have
rb=_TIFFmalloc(ra). After, values for rb are filled out. Then there is an if
(p!=q) return 0, which goes before the line sp->dctable[m]=rb;

Therefore, clearly rb is leaking every time the if (p!=q) is entered, since
memory is allocated but it is not even assigned anywhere. Our fix:

https://pdfium-review.googlesource.com/c/2176/

##################

Patch applied per

2017-01-12 Even Rouault <even.rouault at spatialys.com>

        * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable
        when read fails.
        Patch by Nicolás Peña.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659

--
Agostino Sarubbo
Gentoo Linux Developer


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ