oss-sec mailing list archives
Re: Multiple vulnerabilities in LibTIFF and associated tools
From: cve-assign () mitre org
Date: Sat, 7 Feb 2015 12:13:13 -0500 (EST)
http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif - uninitialized memory in putcontig8bitYCbCr21tile Fixed in: 2014-12-29 Even Rouault <even.rouault () spatialys com> * libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and putcontig8bitYCbCr21tile cases. I don't think this had a CVE number assigned yet. http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif - uninitialized memory in NeXTDecode Fixed in: 2014-12-29 Even Rouault <even.rouault () spatialys com> * libtiff/tif_next.c: add new tests to check that we don't read outside of the compressed input stream buffer. I don't think this had a CVE number assigned yet.
Use CVE-2014-9655 for these two issues related to access of uninitialized memory, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.
http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif - another use of uninitialized memory in NeXTDecode after fixing the previous case. I don't think this had a CVE number assigned yet.
Use CVE-2015-1547 for this issue. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- Multiple vulnerabilities in LibTIFF and associated tools William Robinet (Jan 24)
- Re: Multiple vulnerabilities in LibTIFF and associated tools Michal Zalewski (Jan 24)
- Re: Multiple vulnerabilities in LibTIFF and associated tools cve-assign (Feb 07)
- Re: Multiple vulnerabilities in LibTIFF and associated tools Michal Zalewski (Jan 24)