oss-sec mailing list archives
Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 21 Nov 2016 06:43:48 +0100
Hi, On Fri, Nov 11, 2016 at 10:57:56PM +0200, Henri Salo wrote:
Please assign CVE identifier for LibTIFF tiffcrop heap buffer overflow via writeBufferToSeparateStrips, thanks. Reported in: http://bugzilla.maptools.org/show_bug.cgi?id=2592 Fixed per: 2016-11-11 Even Rouault <even.rouault at spatialys.com> * tools/tiffcrop.c: fix multiple uint32 overflows in writeBufferToSeparateStrips(), writeBufferToContigTiles() and writeBufferToSeparateTiles() that could cause heap buffer overflows. Reported by Henri Salo from Nixu Corporation. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592 /cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog new revision: 1.1152; previous revision: 1.1151 /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c new revision: 1.43; previous revision: 1.42
FTR, this was included in the 4.0.7 release of LibTIFF. Although it is only in the tools part, this might still need a CVE if appropriate to identify the issue. Regards, Salvatore
Current thread:
- CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Henri Salo (Nov 11)
- Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Salvatore Bonaccorso (Nov 20)
- Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips cve-assign (Nov 21)