Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 18 Nov 2016 17:05:24 +0200
From: Henri Salo <>
Subject: CVE-2016-9297 LibTIFF regression

CVE-2016-9297 vulnerability reported in had a
regression, which is fixed in
by Even Rouault.

Fixed per

2016-11-16 Even Rouault <even.rouault at>

        * libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not dereference
        NULL pointer when values of tags with TIFF_SETGET_C16_ASCII /
        access are 0-byte arrays.
        Fixes (regression
        by previous fix done on 2016-11-11 for CVE-2016-9297).
        Reported by Henri Salo.

/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1163; previous revision: 1.1162
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v  <-- 
new revision: 1.204; previous revision: 1.203

Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.