Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 1 Jan 2017 12:52:56 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: libtiff: stack-based buffer overflow in _TIFFVGetField (tif_dir.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2017/01/01/libtiff-stack-based-buffer-overflow-in-_tiffvgetfield-tif_dir-c

> tiffsplit
> AddressSanitizer: stack-buffer-overflow ... WRITE of size 4 at
> tiff-4.0.7/libtiff/tif_dir.c:1077:29

>> http://bugzilla.maptools.org/show_bug.cgi?id=2625
>> Reported: 2016-12-04

Use CVE-2016-10095.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYaUD7AAoJEHb/MwWLVhi2MEUP/3BmH0gq++MW96w7r1FJgdmw
+LDl1nEAQfZwiCRVP5G6iL0Egguw8VW2LlYK4YLmnorh8wYWf5mYJQDOI+44f+sK
oxO1uu2lv/IfePRqgMdWIoJFvuv7QzfplbXSQkH0oW8fCdo7FZ5dbEy3KzWlrFeU
dGWFx3ypXQ08VvddLssLuG4yLvw4KRI5nYfxkxMNY9N2wFzooVMm64m/bz4T9ZRJ
DvNMsIU6Yspk2Gv5NLVv4+isqWOTkOgRcuh4Gh8j9Rdni46pnjCEF6Bc1tDI+zmV
8XnUDURVfRDgXUR2X63/bKbRzTFfkY6lHECAOJ0mAc3fx105Pf6qfy1KvqSSxhi5
4VV9OaK3Nh/8QAdkalL1MoZZ4qCvmxoevxRIYN3pINx6qlHssYj52tNvaszumq6t
X7rDfdgKYxQf+uegYFiiEigTu7+UV8tEsRyx/kBfHiZqfkyXMw4eIAEJEJekC6y4
6RFnaC37VbhCScfHevmrEH8MW2IbVd6zfu3Taayp2WvJmMT0QQ+dXPY3TUgtZXdR
um0XCOgbrbMTWMVuR7huDzrzMnvkEUMvJtUlNZw+tx0gZerm4hxzrMiyKFhr2Bkj
8WLRWmgmaDWfeeeMzIZH+cbjI7z/7Mr/5dr2PPc9gXqwVJHpQc1sGjLSO2c4I5pT
bjm1p3FJdbBJi+DMt82Y
=2Tt2
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.