Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20160714181602.59527B2E012@smtpvbsrv1.mitre.org>
Date: Thu, 14 Jul 2016 14:16:02 -0400 (EDT)
From: cve-assign@...re.org
To: idolf@...gle.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Information leak in LibTIFF

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> I would like to request a CVE number for an information leak in LibTIFF,
> specifically in the file libtiff/tif_read.c.
> 
> The vulnerability allows an attacker to specify a negative index into the
> file-content buffer and copy data from that position until the end of the
> buffer.
> 
> This will allow an attacker to crash the process by accessing unmapped
> memory and (depending on how LibTIFF is used) might also allow an attacker
> to leak sensitive information.
> 
> The issue is fixed in CVS HEAD with the commit:
> 
> revision 1.49
> date: 2016-07-10 20:00:21 +0200;  author: erouault;
> commitid: YhOZoKv5OA9gNNdz;
> * libtiff/tif_read.c: Fix out-of-bounds read on
> memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
> when stripoffset is beyond tmsize_t max value (reported by
> Mathias Svensson)

Use CVE-2016-6223.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXh9YEAAoJEHb/MwWLVhi2NZIP/AlJLMTfzlrz/si4ZZdxud9U
yJTUt7t/zzzH7oLx0rzZb+hivMp6Z5P5Cqhn8eVzTj+hOMFTaZek+sBaf034WKxN
qZyaVdu4VHs1gpJNJpP7t0toXdUmNMh2CKsx7PUEfrM73o+VeiwaWgG8UvuJO5vd
28sspVqmhtfOmsPtx6mnIabnHtZG0N4TE/FUVKF9mRp73xlxhxB3gkwAzAXy5sRh
R23M0qU5v5HkryvUvKoA0sQ3H6dgMDMqUE/Gq6B67t2Lm98E0DLPnayCn5x/Jkzf
IrNGI8e2yRjqggeXKO/SRfmZSR/1qM43vGuHeYbgn0ZOJPPrFIv9+BY9uN6fIfpH
ox5x2GXFVMp79Rwnea2ywy0Z6mCBLvmFCs8In2B4GxoVJ+MUVAuhyFUqctgrZ81L
5uphXH8KDhKiY5k/qa6T9j2eNz13Por3UvK0irEixsgaUQzEz3wNUy8mW56L0mB0
4sCZVlH5zt5/eIDHRWxHrbBR3Oo27R21ONVP2MJTthcVthCiLnMvZEcNOOp7//MR
1FWYp3qsPrc858j7ZWtyXvpROscv/ivN7V6xzPvjYal+qVs4RPexwJ3/pUn63fms
mEZdDlbzR7ecLPXRHksx99FgT9R/ETgugd1oYKwgCo+zVgCHGrJH3XvhQQsHgCK+
A/ao2iuPSnQu1eG2aUSi
=Bszf
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.