oss-sec mailing list archives

CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression


From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 24 Jan 2016 16:37:37 +0100

Hi

Could you assign a CVE for the following issue in tiff:

http://bugzilla.maptools.org/show_bug.cgi?id=2522

2015-12-27  Even Rouault <even.rouault at spatialys.com>

        * libtiff/tif_luv.c: fix potential out-of-bound writes in decode
        functions in non debug builds by replacing assert()s by regular if
        checks (bugzilla #2522).
        Fix potential out-of-bound reads in case of short input data.

Fixing commit:

https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65

Regards,
Salvatore
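
The pattern the quoted ChangeLog entry describes, as an added example that is not part of the original message and is not libtiff code: a bound that exists only as an assert() disappears in a non-debug build, while a regular if check stays. The (count, value) run format, the function names and the sample bytes are hypothetical, and ASSERT_NDEBUG stands in for what assert() expands to under -DNDEBUG.

```c
#include <stdint.h>
#include <stdio.h>

/* What assert(x) becomes under -DNDEBUG (typical non-debug build). */
#define ASSERT_NDEBUG(x) ((void)0)
/* Constructed input, hypothetical format: (count, value) byte pairs. */
static const uint8_t BAD[] = { 10, 0x41 };   /* run of 10 for a 4-pixel row */
static const uint8_t GOOD[] = { 2, 7, 2, 9 };
static uint8_t row[16];  /* oversized so the demo overrun stays in bounds */

/* Before: bound guarded only by an assertion. Returns pixels written. */
static size_t decode_assert_only(const uint8_t *in, size_t inlen,
                                 uint8_t *out, size_t npixels)
{
    size_t i = 0, o = 0;
    (void)npixels;                      /* only the vanished assert used it */
    for (; i + 1 < inlen; i += 2) {
        ASSERT_NDEBUG(in[i] <= npixels - o);   /* compiled out: no check */
        for (uint8_t k = 0; k < in[i]; k++)
            out[o++] = in[i + 1];
    }
    return o;
}

/* After: regular if checks in every build. Returns pixels written or -1. */
static long decode_checked(const uint8_t *in, size_t inlen,
                           uint8_t *out, size_t npixels)
{
    size_t i = 0, o = 0;
    while (o < npixels) {
        if (inlen - i < 2)              /* short input: would read past in[] */
            return -1;
        if (in[i] > npixels - o)        /* run would write past out[] */
            return -1;
        for (uint8_t k = 0; k < in[i]; k++)
            out[o++] = in[i + 1];
        i += 2;
    }
    return (long)o;
}

int main(void)
{
    printf("assert-only, bad run: %zu pixels into a 4-pixel row\n",
           decode_assert_only(BAD, sizeof BAD, row, 4));
    printf("checked, bad run: %ld, good runs: %ld\n",
           decode_checked(BAD, sizeof BAD, row, 4),
           decode_checked(GOOD, sizeof GOOD, row, 4));
    return 0;
}
```

The second check in decode_checked corresponds to the out-of-bounds write in the entry, the first to the out-of-bounds read on short input.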

