Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Nov 2016 17:32:09 -0600
From: "Brian 'geeknik' Carpenter" <brian.carpenter@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE Request: libtiff: heap buffer overflow/read outside of array

Hi, could you assign a CVE to the following issue in libtiff?

http://bugzilla.maptools.org/show_bug.cgi?id=2587

Fixed per
>> 2016-11-10 Even Rouault <even.rouault at spatialys.com>
>> * libtiff/tif_strip.c: make TIFFNumberOfStrips() return the
>>   td->td_nstrips value when it is non-zero, instead of recomputing it.
>>   This is needed in TIFF_STRIPCHOP mode where td_nstrips is modified.
>>   Fixes a read outside of array in tiffsplit
>>   (or other utilities using TIFFNumberOfStrips()).
>>
>>  /cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
>>  new revision: 1.1151; previous revision: 1.1150
>>  /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v  <--
 libtiff/tif_strip.c
>>  new revision: 1.37; previous revision: 1.36

Regards,

Brian 'geeknik' Carpenter
https://twitter.com/geeknik

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.