oss-sec mailing list archives

Re: Multiple vulnerabilities in LibTIFF and associated tools

From: cve-assign () mitre org
Date: Sat, 7 Feb 2015 12:13:13 -0500 (EST)

http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif

 - uninitialized memory in putcontig8bitYCbCr21tile
   Fixed in:

     2014-12-29  Even Rouault  <even.rouault () spatialys com>

     * libtiff/tif_getimage.c: in OJPEG case, fix checks on strile width/height
       in the putcontig8bitYCbCr42tile, putcontig8bitYCbCr41tile and
       putcontig8bitYCbCr21tile cases.

   I don't think this had a CVE number assigned yet.

http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif

 - uninitialized memory in NeXTDecode
   Fixed in:

     2014-12-29  Even Rouault  <even.rouault () spatialys com>

     * libtiff/tif_next.c: add new tests to check that we don't read outside of
     the compressed input stream buffer.

   I don't think this had a CVE number assigned yet.

Use CVE-2014-9655 for these two issues related to access of uninitializedmemory, as demonstrated by libtiff-cvs-1.tif and libtiff-cvs-2.tif.

http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif

 - another use of uninitialized memory in NeXTDecode after fixing the
previous case.
   I don't think this had a CVE number assigned yet.



Use CVE-2015-1547 for this issue.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

Current thread:

Multiple vulnerabilities in LibTIFF and associated tools William Robinet (Jan 24)
- Re: Multiple vulnerabilities in LibTIFF and associated tools Michal Zalewski (Jan 24)
  - Re: Multiple vulnerabilities in LibTIFF and associated tools cve-assign (Feb 07)