Date: Mon, 21 Nov 2016 06:43:48 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Hi, On Fri, Nov 11, 2016 at 10:57:56PM +0200, Henri Salo wrote: > Please assign CVE identifier for LibTIFF tiffcrop heap buffer overflow via > writeBufferToSeparateStrips, thanks. > > Reported in: http://bugzilla.maptools.org/show_bug.cgi?id=2592 > > Fixed per: > > 2016-11-11 Even Rouault <even.rouault at spatialys.com> > > * tools/tiffcrop.c: fix multiple uint32 overflows in > writeBufferToSeparateStrips(), writeBufferToContigTiles() and > writeBufferToSeparateTiles() that could cause heap buffer overflows. > Reported by Henri Salo from Nixu Corporation. > Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592 > > > /cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog > new revision: 1.1152; previous revision: 1.1151 > /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c > new revision: 1.43; previous revision: 1.42 FTR, this was included in the 4.0.7 release of LibTIFF. Although it is only in the tools part, this might still need a CVE if appropriate to identify the issue. Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.