Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Nov 2016 17:32:09 -0600
From: "Brian 'geeknik' Carpenter" <>
Subject: CVE Request: libtiff: heap buffer overflow/read outside of array

Hi, could you assign a CVE to the following issue in libtiff?

Fixed per
>> 2016-11-10 Even Rouault <even.rouault at>
>> * libtiff/tif_strip.c: make TIFFNumberOfStrips() return the
>>   td->td_nstrips value when it is non-zero, instead of recomputing it.
>>   This is needed in TIFF_STRIPCHOP mode where td_nstrips is modified.
>>   Fixes a read outside of array in tiffsplit
>>   (or other utilities using TIFFNumberOfStrips()).
>>  /cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
>>  new revision: 1.1151; previous revision: 1.1150
>>  /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v  <--
>>  new revision: 1.37; previous revision: 1.36


Brian 'geeknik' Carpenter

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.