Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20161121054348.GA632@lorien.valinor.li>
Date: Mon, 21 Nov 2016 06:43:48 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: LibTIFF tiffcrop: Heap buffer
 overflow via writeBufferToSeparateStrips

Hi,

On Fri, Nov 11, 2016 at 10:57:56PM +0200, Henri Salo wrote:
> Please assign CVE identifier for LibTIFF tiffcrop heap buffer overflow via
> writeBufferToSeparateStrips, thanks.
> 
> Reported in: http://bugzilla.maptools.org/show_bug.cgi?id=2592
> 
> Fixed per:
> 
> 2016-11-11 Even Rouault <even.rouault at spatialys.com>
> 
>         * tools/tiffcrop.c: fix multiple uint32 overflows in
>         writeBufferToSeparateStrips(), writeBufferToContigTiles() and
>         writeBufferToSeparateTiles() that could cause heap buffer overflows.
>         Reported by Henri Salo from Nixu Corporation.
>         Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2592
> 
> 
> /cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
> new revision: 1.1152; previous revision: 1.1151
> /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
> new revision: 1.43; previous revision: 1.42

FTR, this was included in the 4.0.7 release of LibTIFF.

Although it is only in the tools part, this might still need a CVE if
appropriate to identify the issue.

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.