oss-sec mailing list archives

CVE request -- Out-of-bounds Read in libtiff

From: limingxing <limingxing () 360 cn>
Date: Thu, 24 Dec 2015 06:36:03 +0000

Hello, 

We want to report 1 vulnerability in libtiff 4.0.6! 
The issue is about  tif_getimage.c line: 1403

UNROLL8(w, NOP,
            *cp++ = PACK4(pp[0], pp[1], pp[2], pp[3]);
            pp += samplesperpixel);

if  samplesperpixel = 3 ，pp[3] cause Out-of-bounds Read !


Could you give we a cve ?  Please credit it for:   “LMX of Qihoo 360 Codesafe Team”



Best Regards,

Attachment: poc.zip
Description: poc.zip

Current thread:

CVE request -- Out-of-bounds Read in libtiff limingxing (Dec 23)
- Re: CVE request -- Out-of-bounds Read in libtiff cve-assign (Dec 24)