oss-sec mailing list archives

Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips

From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 21 Nov 2016 06:43:48 +0100

Hi,

On Fri, Nov 11, 2016 at 10:57:56PM +0200, Henri Salo wrote:

Please assign CVE identifier for LibTIFF tiffcrop heap buffer overflow via
writeBufferToSeparateStrips, thanks.

Reported in: http://bugzilla.maptools.org/show_bug.cgi?id=2592

Fixed per:

2016-11-11 Even Rouault <even.rouault at spatialys.com>

        * tools/tiffcrop.c: fix multiple uint32 overflows in
        writeBufferToSeparateStrips(), writeBufferToContigTiles() and
        writeBufferToSeparateTiles() that could cause heap buffer overflows.
        Reported by Henri Salo from Nixu Corporation.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592


/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1152; previous revision: 1.1151
/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
new revision: 1.43; previous revision: 1.42


FTR, this was included in the 4.0.7 release of LibTIFF.

Although it is only in the tools part, this might still need a CVE if
appropriate to identify the issue.

Regards,
Salvatore

Current thread:

CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Henri Salo (Nov 11)
- Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips Salvatore Bonaccorso (Nov 20)
- Re: CVE request: LibTIFF tiffcrop: Heap buffer overflow via writeBufferToSeparateStrips cve-assign (Nov 21)