oss-sec mailing list archives

Re: CVE requests: LibTIFF

From: Tomas Hoger <thoger () redhat com>
Date: Tue, 29 Jun 2010 18:27:27 +0200

On Tue, 29 Jun 2010 08:05:25 -0400 Dan Rosenberg wrote:

On request, I'm re-posting the issues which I think actually deserve
CVE ids.


I believe the disagreement here is caused by different opinions on what
should be and what does not need to be called security.

2.  A NULL pointer derefrence in TIFFVGetField() may result in
application crash
(https://bugs.launchpad.net/ubuntu/lucid/+source/tiff/+bug/589145).


This got CVE-2010-2443 from Mitre few days ago.  But I guess you're
going to (or should?) ask for one more for td_stripbytecount case I
pointed out in one of the previous replies (split due to different
fixed-in version).  Sauli's fuzzer to blame for the discovery again ;).

-- 
Tomas Hoger / Red Hat Security Response Team

Current thread:

CVE requests: LibTIFF Dan Rosenberg (Jun 23)
- Re: CVE requests: LibTIFF Tomas Hoger (Jun 24)
  - Re: CVE requests: LibTIFF Dan Rosenberg (Jun 24)
    - Re: CVE requests: LibTIFF Tomas Hoger (Jun 24)
    - Re: CVE requests: LibTIFF Dan Rosenberg (Jun 29)
    - Re: CVE requests: LibTIFF Tomas Hoger (Jun 29)
    - Re: CVE requests: LibTIFF Dan Rosenberg (Jun 29)
    - Re: CVE requests: LibTIFF Josh Bressers (Jun 30)
    - Re: CVE requests: LibTIFF Dan Rosenberg (Jun 30)
- <Possible follow-ups>
- Re: CVE requests: LibTIFF Josh Bressers (Jun 30)