oss-sec mailing list archives
Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf
From: <cve-assign () mitre org>
Date: Fri, 18 Nov 2016 19:00:55 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
http://bugzilla.maptools.org/show_bug.cgi?id=2579 tools/tiff2pdf.c: fix read -largely- outsize of buffer in t2p_readwrite_pdf_image_tile(), causing crash, when reading a JPEG compressed image with TIFFTAG_JPEGTABLES length being one. Reported as MSVR 35101 by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
Out-of-bounds Write Caused by memcpy and no bound check.
will cause illegal write. An attacker may control the write address and/or value to result in denial-of-service or command execution.
Use CVE-2016-9453. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYL5R+AAoJEHb/MwWLVhi2Za4P/ioEFjcWkhT7AqaXUZ+G5dZ3 M9grgWYnmkBsGwqWD56LCNLjDcD4OexKOeogFMBbJkVFaMnyX4eq/uddNlIq2dne 9TiSm2+X4HKlbw4qiruUx3HbKsgUvQmMrowfGVA97KanT5bCIa/bt94G3/e1lLwl FZJ+qlooyFf8VBpR+3UWROPNSbD/m6DgRLDK0yDBxg0J2pKUJHJAu75Ql5BGXkC3 70yiP9r5Rz9MkrIrTjzRGBidG/aSlrzaPhDk88bNv7edFwUT2EJfndtLLINV3CNl 0eLCNX3MDb7jwCzw3DtRUPEmuqcBiAUdY/mU0V1IuO9+ipWJl959ELzdgpsFcJ9C 4SHCOYS3XHNJeJOaQJ9nJJUmWF6DgK2xhYfwTXeifQgaBdN2h0S8DByTQU14oqVw 5wJCXbGhWvbPq4NGDVG8ATIkgh+K1zoKn/06C/W4lyEgEc8w17xE2GDFyOglrTYt EYQZg5qeES940DU+khUOeSp+YOb/m3UCaUmJd/DKOcOofdoUZUVakLXfBMyKZ9rp VRYS8k80wwhM5KZWuiGpCOAVVW+BHFCBYgSmXZ+mA6fVP8fqooUy5G+7mjiMidzl uyip79HBywTkawVnAEQS5RHgdNOvVIwS6j8rbQN+M5dTseTPdoifRsbJmKLlWEfl u/1E3rv67yYtw4XU/Rr7 =Np2d -----END PGP SIGNATURE-----
Current thread:
- CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf ChenQin (Nov 18)
- Re: CVE Request: libtiff: Out-of-bounds Write memcpy and less bound check in tiff2pdf cve-assign (Nov 18)