oss-sec mailing list archives

CVE Request: libtiff: read outside buffer in _TIFFPrintField()


From: "Brian 'geeknik' Carpenter" <brian.carpenter () gmail com>
Date: Fri, 11 Nov 2016 22:13:40 -0600

Hi, could you assign a CVE to the following issue in libtiff?

http://bugzilla.maptools.org/show_bug.cgi?id=2590

Fixed per
2016-11-11 Even Rouault <even.rouault at spatialys.com>
* libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make sure that
values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII
access are null terminated, to avoid potential read outside buffer
in _TIFFPrintField().

/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1154; previous revision: 1.1153
/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <--
libtiff/tif_dirread.c
new revision: 1.203; previous revision: 1.202

Regards,

Brian 'geeknik' Carpenter
https://twitter.com/geeknik
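
The defensive pattern the ChangeLog entry describes, as an added example (not code from libtiff or from the original post): a counted ASCII value read from a file is copied into a buffer that always ends in NUL before any string-style consumer sees it. The helper names `counted_ascii_is_terminated` and `copy_counted_ascii` and the sample bytes are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if the counted field already ends in NUL within its count bytes. */
static int counted_ascii_is_terminated(const char *data, uint32_t count)
{
    return count > 0 && data[count - 1] == '\0';
}

/*
 * Hypothetical helper: copy a counted ASCII value into a buffer that is
 * guaranteed to end in NUL, so later "%s" / strlen() consumers cannot read
 * past the allocation. Returns NULL on overflow or allocation failure.
 */
static char *copy_counted_ascii(const char *data, uint32_t count)
{
    char *out;

    if ((size_t)count > SIZE_MAX - 1)   /* count + 1 must not wrap */
        return NULL;
    out = malloc((size_t)count + 1);    /* one extra byte for the terminator */
    if (out == NULL)
        return NULL;
    if (count > 0)
        memcpy(out, data, count);
    out[count] = '\0';                  /* terminate regardless of file contents */
    return out;
}

int main(void)
{
    /* Constructed sample: count = 4, no trailing NUL in the stored bytes. */
    static const char raw[4] = { 'A', 'B', 'C', 'D' };
    char *safe;

    printf("terminated in file: %d\n", counted_ascii_is_terminated(raw, 4));
    safe = copy_counted_ascii(raw, 4);
    if (safe == NULL)
        return 1;
    printf("value: %s (strlen %zu)\n", safe, strlen(safe));
    free(safe);
    return 0;
}
```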
