oss-sec mailing list archives
Re: DoS in libtiff
From: cve-assign () mitre org
Date: Tue, 22 Sep 2015 16:52:45 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
We found a DoS using a crafted tiff file that causes a OOM kill
If you run it with ltrace, you can see some very large reallocs
Use CVE-2015-7313. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWAbzpAAoJEL54rhJi8gl5+bQP/i/xWz22LGpaKlwEHRLLUbml 8wIlyokkQMyxF5JfmND/2bvr7P0RisaYCr93C0Mdmvob/l2ht8FVHdruGwy+nHq2 aLFO/q4odopAGjT/UdIaI4j+M9AbHWKuuielfxX87RalCLbz8Lv2Ny7hoTnyVlAK th0Vvz8bdVeEn6EXU2iEtXjtmh+tV+e8NL+Csvkp7A/FLAJneadgVhR0m+qlVNBA YT/PP0SeQ9e3Zlyv8UVKazGvV4LgqjrrS/kg9mk8FRmm/oCgpkNM3/VuS2Xn5CSM fmWju1e5iJur+lIRD7NCWexipzelM/9BxYi07uxH2ZmC1zwCckblUqlJDHVIpLrU DHbVhGsBzBk3n49TiQgh3G8q5Df9CpPqiMozANCnI13tA8IU+nE6et6toQOtiX0b UyAuNEG7m/1HqbG4f6sSXfJXAujDZXJRAERU7VPVBxMlwvh8fIwR4d+rsrMyuC7w 6RusT0Gv2yYetBJgbzCcktqu7DcBKKG9NN2Cndhc7v9yV4utdZ+bxhOi77no3BFt OdlOtrx0Y8wd/c8bG5JNvzSOHZhGmZD1hU5aUQJtu0izBbKG598jW0BdtBmG8ZQH fSn+Wuw49iC9VyJ6Cs9t4pRX6kGh4CW3EkiOnyKjFF+UQdcdAAV+hWVvAcJfEtAY qiVsVTUHJxNOaBsqJvlp =o1Fp -----END PGP SIGNATURE-----
Current thread:
- DoS in libtiff Gustavo Grieco (Sep 21)
- Re: DoS in libtiff cve-assign (Sep 22)
- Re: DoS in libtiff Gustavo Grieco (Sep 23)
- Re: DoS in libtiff cve-assign (Sep 22)