Date: Wed, 9 Nov 2016 17:32:09 -0600
From: "Brian 'geeknik' Carpenter" <brian.carpenter@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: libtiff: heap buffer overflow/read outside of array

Hi, could you assign a CVE to the following issue in libtiff?

http://bugzilla.maptools.org/show_bug.cgi?id=2587

Fixed per

>> 2016-11-10 Even Rouault <even.rouault at spatialys.com>
>> * libtiff/tif_strip.c: make TIFFNumberOfStrips() return the
>> td->td_nstrips value when it is non-zero, instead of recomputing it.
>> This is needed in TIFF_STRIPCHOP mode where td_nstrips is modified.
>> Fixes a read outside of array in tiffsplit
>> (or other utilities using TIFFNumberOfStrips()).
>>
>> /cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
>> new revision: 1.1151; previous revision: 1.1150
>> /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v <-- libtiff/tif_strip.c
>> new revision: 1.37; previous revision: 1.36

Regards,
Brian 'geeknik' Carpenter
https://twitter.com/geeknik
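
Added example, not part of the original message and not libtiff code: a simplified C model of the pattern the ChangeLog entry describes, where a strip count recomputed from geometry fields can disagree with the length of an array that was resized when the stored count was modified. The struct, the function names and the sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified model with hypothetical names; these are not libtiff's structures. */
typedef struct {
    uint32_t image_length;    /* rows in the image */
    uint32_t rows_per_strip;  /* strip geometry as declared */
    uint32_t nstrips;         /* stored count, 0 = not computed yet */
    uint64_t *bytecount;      /* exactly nstrips entries */
} dir_model;
/* Pre-fix pattern: always derive the count from the geometry fields. */
static uint32_t strips_recomputed(const dir_model *d) {
    uint32_t r = d->rows_per_strip;
    return r ? d->image_length / r + (d->image_length % r != 0) : 0;
}
/* Post-fix pattern from the ChangeLog: the stored count wins when non-zero. */
static uint32_t strips_stored_first(const dir_model *d) {
    return d->nstrips ? d->nstrips : strips_recomputed(d);
}
/* Stand-in for a step that modifies the stored count and resizes the array
 * while leaving the geometry fields alone (an assumption of this model). */
static int resize_strips(dir_model *d, uint32_t n) {
    uint64_t *p = calloc(n ? n : 1, sizeof *p);
    if (!p) return -1;
    free(d->bytecount);
    d->bytecount = p;
    d->nstrips = n;
    return 0;
}
/* Bounds-checked read: a stale loop bound yields an error, not a stray read. */
static int strip_bytes(const dir_model *d, uint32_t i, uint64_t *out) {
    if (i >= d->nstrips) return -1;
    *out = d->bytecount[i];
    return 0;
}
/* Counts the indices a caller's loop would request beyond the array, using
 * either counting pattern on constructed values (64 rows, 8 per strip). */
static int out_of_range_requests(int use_stored_count) {
    dir_model d = { 64, 8, 0, NULL };
    uint64_t v;
    int rejected = 0;
    if (resize_strips(&d, 4) != 0) return -1;   /* array now has 4 entries */
    uint32_t n = use_stored_count ? strips_stored_first(&d) : strips_recomputed(&d);
    for (uint32_t i = 0; i < n; i++)
        if (strip_bytes(&d, i, &v) != 0) rejected++;
    free(d.bytecount);
    return rejected;
}
int main(void) { return out_of_range_requests(1); }
```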