Date: Sun, 1 Jan 2017 19:20:54 -0500 From: Leo Famulari <leo@...ulari.name> To: oss-security@...ts.openwall.com Subject: Re: libtiff: multiple divide-by-zero On Sun, Jan 01, 2017 at 04:46:12PM +0100, Agostino Sarubbo wrote: > Description: > Libtiff is a software that provides support for the Tag Image File Format > (TIFF), a widely used format for storing image data. > > Some crafted images, through a fuzzing revealed multiple division by zero. > Since the number of the issues, I will post the relevant part of the > stacktrace. > > Affected version / Tested on: > 4.0.7 > Fixed version: > N/A > Commit fix: > https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1 Do you know if this repository has any relationship to the libtiff project? It describes itself like this: "Unofficial mirror of libtiff cvs repository at cvs.maptools.org created and updated using "git cvsimport"? Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.