oss-sec mailing list archives

CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips


From: Henri Salo <henri () nerv fi>
Date: Fri, 11 Nov 2016 22:57:56 +0200

Please assign a CVE identifier for the LibTIFF tiffcrop heap buffer overflow via
writeBufferToSeparateStrips, thanks.

Reported in: http://bugzilla.maptools.org/show_bug.cgi?id=2592

Fixed per:

2016-11-11 Even Rouault <even.rouault at spatialys.com>

        * tools/tiffcrop.c: fix multiple uint32 overflows in
        writeBufferToSeparateStrips(), writeBufferToContigTiles() and
        writeBufferToSeparateTiles() that could cause heap buffer overflows.
        Reported by Henri Salo from Nixu Corporation.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592


/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1152; previous revision: 1.1151
/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
new revision: 1.43; previous revision: 1.42

-- 
Henri Salo
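
The ChangeLog entry quoted in the message attributes the heap buffer overflows to uint32 overflows in size arithmetic. The following is an added illustration of that bug class and of a checked computation; it is not code from tiffcrop.c or from the fix, and the function names, the size formula and the sample dimensions are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not from tiffcrop.c: strip size computed entirely
 * in 32-bit arithmetic, so the product of image dimensions can wrap. */
uint32_t strip_bytes_unchecked(uint32_t width, uint32_t bps, uint32_t spp,
                               uint32_t rows)
{
    uint32_t row_bytes = (width * bps * spp + 7U) / 8U;
    return row_bytes * rows;
}

/* Checked version: returns 0 and stores the size in *out, or returns -1
 * if any intermediate value would not fit in uint32_t. */
int strip_bytes_checked(uint32_t width, uint32_t bps, uint32_t spp,
                        uint32_t rows, uint32_t *out)
{
    uint32_t bits_per_pixel, row_bits, row_bytes;

    if (bps != 0 && spp > UINT32_MAX / bps)
        return -1;
    bits_per_pixel = bps * spp;
    if (bits_per_pixel != 0 && width > UINT32_MAX / bits_per_pixel)
        return -1;
    row_bits = width * bits_per_pixel;
    if (row_bits > UINT32_MAX - 7U)          /* rounding up must not wrap */
        return -1;
    row_bytes = (row_bits + 7U) / 8U;
    if (row_bytes != 0 && rows > UINT32_MAX / row_bytes)
        return -1;
    *out = row_bytes * rows;
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, not taken from the bug report. */
    uint32_t w = 0x20000001U, bps = 8, spp = 1, rows = 1, size = 0;

    /* width * bps wraps to 8, so the unchecked size is far too small for
     * a row that really needs 0x20000001 bytes. */
    printf("unchecked: %u bytes\n",
           (unsigned)strip_bytes_unchecked(w, bps, spp, rows));
    if (strip_bytes_checked(w, bps, spp, rows, &size) != 0)
        printf("checked: rejected, size does not fit in uint32\n");
    return 0;
}
```

A buffer allocated from the unchecked result and then filled using the real width is written past its end; rejecting the image when the checked computation fails avoids the undersized allocation.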

