oss-sec mailing list archives
Re: CVE-2016-9297 LibTIFF regression
From: <cve-assign () mitre org>
Date: Fri, 18 Nov 2016 18:57:21 -0500
CVE-2016-9297 vulnerability reported in http://bugzilla.maptools.org/show_bug.cgi?id=2590 had a regression, which is fixed in http://bugzilla.maptools.org/show_bug.cgi?id=2593
* libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not dereference NULL pointer when values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are 0-byte arrays. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297).
Use CVE-2016-9448 for the vulnerability fixed in 2593.
--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
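The NULL-pointer case named in the changelog entry above, reduced to a stand-alone C model. This is an added example, not LibTIFF's code: `struct ascii_value`, `force_nul_unchecked` and `force_nul_checked` are hypothetical names, and it assumes the earlier fix was a check that the last byte of an ASCII value is NUL and that the reader returns a NULL pointer for a 0-byte array.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a decoded ASCII tag value. Assumption: for a
 * 0-byte array the reader returns data == NULL and count == 0. */
struct ascii_value {
    char    *data;
    uint32_t count;
};

/* BEFORE (regression pattern): the terminator check indexes
 * data[count - 1] unconditionally. With count == 0 the index wraps and
 * data is NULL, so this faults. Never call it with an empty value. */
static int force_nul_unchecked(struct ascii_value *v)
{
    if (v->data[v->count - 1] != '\0') {
        v->data[v->count - 1] = '\0';
        return 1;               /* terminator was forced */
    }
    return 0;                   /* already terminated */
}

/* AFTER: empty or NULL values skip the terminator check entirely. */
static int force_nul_checked(struct ascii_value *v)
{
    if (v->data != NULL && v->count > 0 &&
        v->data[v->count - 1] != '\0') {
        v->data[v->count - 1] = '\0';
        return 1;
    }
    return 0;
}

int main(void)
{
    char raw[4]  = { 'a', 'b', 'c', 'd' };     /* constructed, unterminated */
    char raw2[4] = { 'a', 'b', 'c', 'd' };
    struct ascii_value full  = { raw, sizeof raw };
    struct ascii_value full2 = { raw2, sizeof raw2 };
    struct ascii_value empty = { NULL, 0 };    /* constructed 0-byte array */

    printf("unchecked, 4 bytes: %d\n", force_nul_unchecked(&full));
    printf("checked,   4 bytes: %d\n", force_nul_checked(&full2));
    printf("checked,   0 bytes: %d\n", force_nul_checked(&empty));
    return 0;
}
```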