Date: Sat, 2 Dec 2017 08:28:38 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: libtiff: Heap-based buffer overflow bug in pal2rgb(pal2rgb.c)

hi,

On Thu, Nov 30, 2017 at 07:41:03PM +0900, 백정운 wrote:
> Hi all,
>
> A heap-based buffer overflow flaw was found in pal2rgb. A malicious
> user can manipulate the heap memory of a process using COLORMAP,
> Image Width, and Image Length value of a TIFF document.
>
> http://bugzilla.maptools.org/show_bug.cgi?id=2750

MITRE has assigned CVE-2017-17095 for this issue.

Regards,
Salvatore