Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 14 Nov 2016 13:34:55 -0500
From: <cve-assign@...re.org>
To: <brian.carpenter@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: libtiff: read outside buffer in _TIFFPrintField()

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://bugzilla.maptools.org/show_bug.cgi?id=2590

> AddressSanitizer: SEGV on unknown address 0x7faf9b2d2000

>> * libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make sure that
>> values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII
>> access are null terminated, to avoid potential read outside buffer
>> in _TIFFPrintField().

Use CVE-2016-9297.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYKgMmAAoJEHb/MwWLVhi2PioP/jm0R6nmT1TNWfIenph7XvVp
rrxXbx0spg1BFsDDvP44kzFYvn4EAH+mCW8HyKpV3dGGLL6PO22cOivt15K0EKKc
ImyY2E3j8PKR5lzdHcLYGjiBTOT+psZhZtEhaVkELjpgPq4mJqbmbdMyjYMdseav
+x9r2vptrj6zf875gY23FsEEXEWyF+wML15jViClSmrUYcTZQtR52Sr6IZrUIlDR
rw4sr7l6M2H92CIrFqGl1ltF23BIjR75vMlxabze244XFoOIWo8cBcI04ncKJ404
3hDzdeBHLzJFltoKygb8dhGdWF0xfonAG4P6Mt04yFLDBsI1M0Sial6kcrWj2XSh
Br27MgPKH9gIOLAdUmaUFkO+gu92DEZGUMOtvBJHjRrZ2M1USrIH+bVBAJubdZGb
L2Y6rVLHhC0pfIA21It4f1JjTsb3PODlSO/mNd6ZF/E37/MDEWoel7BCGBvBnuLg
NmcxWKDw3kPsxnHhujrHoNHemnOP9lGsCbT8mMX+yCYphUc2+OO4inwAWO2N+gGT
wFIJRl7TkQUzKNsvUdU0L1+sHjA5T1SKWjrEABfuEAlcUNmLm9AnSfkVMZDbIphm
765VnjGxzU9dQCcC2L3ZrjbLVEwDMgdXPzJ5ncV9+kmklmFSkQSTBsOD2vgggq5p
rkvWKAOzbWcHI90QV0lL
=9TM7
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.