[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0907010801160.10744@faron.mitre.org>
Date: Wed, 1 Jul 2009 08:01:21 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com, oss-security@...ts.openwall.com
cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- libtiff [was: Re:
libtiff buffer underflow in LZWDecodeCompat]
======================================================
Name: CVE-2009-2285
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2285
Reference: MLIST:[oss-security] 20090621 libtiff buffer underflow in LZWDecodeCompat
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/22/1
Reference: MLIST:[oss-security] 20090623 Re: libtiff buffer underflow in LZWDecodeCompat
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/23/1
Reference: MLIST:[oss-security] 20090629 CVE Request -- libtiff [was: Re: libtiff buffer underflow in LZWDecodeCompat]
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/29/5
Reference: MISC:http://www.lan.st/showthread.php?t=1856&page=3
Reference: CONFIRM:http://bugzilla.maptools.org/show_bug.cgi?id=2065
Reference: CONFIRM:https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/380149
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2
allows context-dependent attackers to cause a denial of service
(crash) via a crafted TIFF image, a different vulnerability than
CVE-2008-2327.
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
