oss-sec mailing list archives

Re: libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173)


From: Moritz Muehlenhoff <jmm () debian org>
Date: Sat, 7 Apr 2012 14:45:24 +0200

On Sat, Apr 07, 2012 at 03:58:45PM +0400, Solar Designer wrote:

> So far, I am only aware of Mandrake having announced this via
> MDVSA-2012:054 published on April 5.  Some other distros appear to have
> patched the issue or/and have made changelog/bug entries relating to it
> public without issuing an advisory yet.

Not quite, the Debian update was released on April 4:
http://lists.debian.org/debian-security-announce/2012/msg00077.html

Cheers,
        Moritz

