Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 26 Apr 2016 23:26:13 -0500
From: Jodie Cunningham <>
Subject: Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6

On Tue, Apr 26, 2016 at 10:36 PM, PXO炳林 <> wrote:
> Hello oss-security,
> I did some test and found three bugs refer to buffer overflow: one stack
> buffer overflow in thumbnail and two buffer overflows in bmp2tiff.
> Please let me know whether CVE Identifier number could be assigned.
> Overview:
> Running each poc file crashes thumbnail and bmp2tiff made with
> AddressSanitizer in tiff-4.0.6. I have attached poc and log files .
> ------------------
> From Debug_Orz

Is there a patch upstream?

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.