Full Disclosure mailing list archives
CVE-2014-9330: Libtiff integer overflow in bmp2tiff
From: Project Zero Labs <labs () projectzero gr>
Date: Mon, 22 Dec 2014 18:11:27 +0200
---------- Background ----------Libtiff provides support for the Tag Image File Format (TIFF), a widely used format for storing image data.
---------------- Software Version ---------------- All tests were performed using libtiff 4.0.3 ----------- Description -----------Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow issue related to the dimensions of the input BMP image. The issue resulted in an out-of-bounds memory read which causes the application to crash. Details can be found at http://bugzilla.maptools.org/show_bug.cgi?id=2494.
-------- Timeline -------- 2014-12-09 Discovery reported to libtiff bug tracker 2014-12-21 Issue was fixed 2014-12-22 Public Disclosure ------- Credits ------- Reported by Paris Zoumpouloglou of Project Zero labs -- Project Zero Labs @projectzerolabs https://www.projectzero.gr _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2014-9330: Libtiff integer overflow in bmp2tiff Project Zero Labs (Dec 22)
- Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Michal Zalewski (Dec 22)
- Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Paris Zoumpouloglou (Dec 22)
- Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Michal Zalewski (Dec 22)