oss-sec mailing list archives
Re: CVE Request: libtiff: heap buffer overflow/read outside of array
From: <cve-assign () mitre org>
Date: Fri, 11 Nov 2016 08:26:36 -0500
http://bugzilla.maptools.org/show_bug.cgi?id=2587
AddressSanitizer: heap-buffer-overflow READ of size 8
* libtiff/tif_strip.c: make TIFFNumberOfStrips() return the td->td_nstrips value when it is non-zero, instead of recomputing it. This is needed in TIFF_STRIPCHOP mode where td_nstrips is modified. Fixes a read outside of array in tiffsplit (or other utilities using TIFFNumberOfStrips()).
Use CVE-2016-9273 for this buffer over-read.
--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
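The changelog entry quoted in the message above, as an added example (not libtiff code and not part of the original message): a simplified model of why a loop bounded by a recomputed strip count reads past a per-strip array whose length is the stored count. The struct, function names and sample values are assumptions constructed for illustration; how TIFF_STRIPCHOP mode produces the disagreement is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the directory fields involved; not libtiff's own struct. */
struct dir_model {
    uint32_t image_length;     /* rows in the image (from the file's tags) */
    uint32_t rows_per_strip;   /* rows per strip (from the file's tags) */
    uint32_t nstrips;          /* stored count == entries allocated below */
    const uint64_t *strip_bytecount;
};

/* Pre-fix behaviour per the changelog: always derive the count from the tags. */
static uint32_t nstrips_recomputed(const struct dir_model *d) {
    if (d->rows_per_strip == 0 || d->rows_per_strip >= d->image_length)
        return 1;
    return d->image_length / d->rows_per_strip
         + (d->image_length % d->rows_per_strip != 0);
}

/* Post-fix behaviour per the changelog: return the stored value when non-zero. */
static uint32_t nstrips_stored_first(const struct dir_model *d) {
    return d->nstrips != 0 ? d->nstrips : nstrips_recomputed(d);
}

/* Bounds-checked accessor: 0 on success, -1 if the index is outside the array. */
static int strip_size(const struct dir_model *d, uint32_t strip, uint64_t *out) {
    if (d->strip_bytecount == NULL || strip >= d->nstrips)
        return -1;
    *out = d->strip_bytecount[strip];
    return 0;
}

/* How many indices would a caller's "for each strip" loop request out of range? */
static uint32_t out_of_range_indices(const struct dir_model *d,
                                     uint32_t (*count)(const struct dir_model *)) {
    uint32_t n = count(d), bad = 0;
    uint64_t sz;
    for (uint32_t s = 0; s < n; s++)
        if (strip_size(d, s, &sz) != 0)
            bad++;
    return bad;
}

/* Constructed state: the tags imply 10 strips, but only 4 entries are allocated. */
static const uint64_t sample_counts[4] = {4096, 4096, 4096, 1024};
static struct dir_model sample_dir(void) {
    struct dir_model d = {100, 10, 4, sample_counts};
    return d;
}

int main(void) {
    struct dir_model d = sample_dir();
    printf("recomputed bound: %u out-of-range indices\n",
           out_of_range_indices(&d, nstrips_recomputed));
    printf("stored bound:     %u out-of-range indices\n",
           out_of_range_indices(&d, nstrips_stored_first));
    return 0;
}
```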
Current thread:
- CVE Request: libtiff: heap buffer overflow/read outside of array Brian 'geeknik' Carpenter (Nov 09)
- Re: CVE Request: libtiff: heap buffer overflow/read outside of array Ian Zimmerman (Nov 09)
- Re: Re: CVE Request: libtiff: heap buffer overflow/read outside of array Bob Friesenhahn (Nov 09)
- Re: CVE Request: libtiff: heap buffer overflow/read outside of array cve-assign (Nov 11)
- Re: CVE Request: libtiff: heap buffer overflow/read outside of array Ian Zimmerman (Nov 09)