oss-sec mailing list archives
Re: libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173)
From: Moritz Muehlenhoff <jmm () debian org>
Date: Sat, 7 Apr 2012 14:45:24 +0200
On Sat, Apr 07, 2012 at 03:58:45PM +0400, Solar Designer wrote:
> So far, I am only aware of Mandrake having announced this via MDVSA-2012:054 published on April 5. Some other distros appear to have patched the issue or/and have made changelog/bug entries relating to it public without issuing an advisory yet.
Not quite, the Debian update was released on April 4:
http://lists.debian.org/debian-security-announce/2012/msg00077.html

Cheers,
Moritz