Date: Wed, 1 Nov 2017 09:59:42 -0500 (CDT)
From: Bob Friesenhahn <bfriesen@...ple.dallas.tx.us>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE-2017-16231: PCRE 8.41 match() stack overflow; CVE-2017-16232: LibTIFF 4.0.8 memory leaks

On Wed, 1 Nov 2017, ???? wrote:
>
>> [Suggested description]
>> LibTIFF 4.0.8 has multiple memory leak vulnerabilities, which allow
>> attackers to cause a denial of service (memory consumption), as demonstrated
>> by tif_open.c, tif_lzw.c, and tif_aux.c
>>
>> ------------------------------------------
>>
>> [Additional Information]
>> /tiff2bw ../../../../libtiff_4.0.8_afl/2bw_output/crashes/poc.tif 222.tif

I am not seeing any memory leak vulnerability. I do see that tiff2bw
made no attempt to release any memory at all (not strictly required
for a utility since memory is released when it quits). I have
modified the code in the development CVS version to release memory to
satisfy memory checkers.

>
> Use CVE-2017-16232.

This is a memory-based DOS issue within tiff2bw itself (not directly
inside libtiff). TIFF files using LZW compression can achieve a very
high compression ratio so it can be difficult to predict if a file's
pixel dimensions are bogus or not. Valid files also pose a DOS
opportunity. There are no arbitrary limits imposed within tiff2bw.

Bob
--
Bob Friesenhahn
bfriesen@...ple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/