oss-sec mailing list archives

Re: CVE request libtiff: out-of-bounds read in CIE Lab image format

From: cve-assign () mitre org
Date: Fri, 25 Dec 2015 22:10:58 -0500 (EST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

If the data of image is packed ... a pixel only owns one byte. But in
the implementation of putcontig8bitCIELab, it eats 3 bytes per pixel.
This will lead to an out-of-bounds read

tif_getimage.c, libtiff v4.0.6

DECLAREContigPutFunc(putcontig8bitCIELab)


Use CVE-2015-8683.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWfgSfAAoJEL54rhJi8gl5gSkP/Amj1H6Tkb0IbaNaAbowHfeg
9j/mJ8EEzkokXlEgP/1GwElnwOw7e2wRE6HP8is1eFmoEKzrOW06RSYmqT6S88jT
QkKqH/YCvpdgNlwBH+a88KIwfDqX1KAlPVrWtrgv5RWk+gRaH6Z8lYlCzFDq54Yw
DnoZKaw+qMvsxmBvKOPgSB2pYQ6XjtxI8iFSZqpWc8utsmRlVnnV86/ocT3gVFN8
Sn0Cs94uRhsg7P41eWSA+l1A2phE3RB3xflMU4HKlii3wBLvEFMTNkYSPe5IopB0
XYxmwYsbQOTr0GWmrmjRYUvQlNn5o8XN3LaKGUOkpFzxvAxJrD2sATXhqeVSPyjw
WmeKBfJc0bNQxqYpxssJpDZnpwpG/eSm5RNSL85IZwB+XAVDjq5HejWwmCExkDSU
cNd06MghW42aHQPqJuSDK0VO6gQ4lcrXQf8VVRHLeAg4N40C0znt4aYIuu0FYJ0Z
D9qwrph0o6soYQXo0OeiBdTko7Vm1CN77f8icHT6SonLOXVndkjSxc3dsvumAhWk
HWPIDlDfCk162zKrSw83wCdzYTO3Nrt9yVOntmQoRzGgOhcXoZWIg6GVyDZAeRxy
9dT2MH7oXOjyM7wzxhiQyDGrsKVQjlw2zwXMTohY9MXUmfNrXMQP92ageSXxAR/m
9GaWzVP4oKh2l3uip3rH
=Yunc
-----END PGP SIGNATURE-----

Current thread:

CVE request libtiff: out-of-bounds read in CIE Lab image format 范祚至(库特) (Dec 25)
- Re: CVE request libtiff: out-of-bounds read in CIE Lab image format Solar Designer (Dec 25)
- Re: CVE request libtiff: out-of-bounds read in CIE Lab image format cve-assign (Dec 25)