oss-sec mailing list archives
libtiff buffer underflow in LZWDecodeCompat
From: Kees Cook <kees () ubuntu com>
Date: Sun, 21 Jun 2009 17:14:24 -0700
A crafted TIFF can crash libtiff in LZWDecodeCompat via underflow (different from CVE-2008-2327). Based on discussions[1] and a quick analysis[2], I don't think this is exploitable, but it does lead to crashes in any application using libtiff. I've reported it upstream[3], with the attached patch. Has anyone else looked this over? -Kees [1] http://www.lan.st/showthread.php?t=1856&page=3 [2] https://bugs.launchpad.net/bugs/380149 [3] http://bugzilla.maptools.org/show_bug.cgi?id=2065 -- Kees Cook Ubuntu Security Team
Attachment:
lzw_underflow.patch
Description:
Current thread:
- libtiff buffer underflow in LZWDecodeCompat Kees Cook (Jun 21)
- Re: libtiff buffer underflow in LZWDecodeCompat Vincent Danen (Jun 23)
- CVE Request -- libtiff [was: Re: [oss-security] libtiff buffer underflow in LZWDecodeCompat] Jan Lieskovsky (Jun 29)
- Re: libtiff buffer underflow in LZWDecodeCompat Vincent Danen (Jun 23)