oss-sec mailing list archives

Re: CVE-2016-9297 LibTIFF regression


From: <cve-assign () mitre org>
Date: Fri, 18 Nov 2016 18:57:21 -0500

CVE-2016-9297 vulnerability reported in http://bugzilla.maptools.org/show_bug.cgi?id=2590 had a
regression, which is fixed in http://bugzilla.maptools.org/show_bug.cgi?id=2593

        * libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not dereference
        NULL pointer when values of tags with TIFF_SETGET_C16_ASCII /
        TIFF_SETGET_C32_ASCII access are 0-byte arrays.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression
        introduced by previous fix done on 2016-11-11 for CVE-2016-9297).

Use CVE-2016-9448 for the vulnerability fixed in 2593.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
