oss-sec mailing list archives
3 bugs refer to buffer overflow in libtiff 4.0.6
From: "PXO????" <271193918 () qq com>
Date: Wed, 27 Apr 2016 11:36:32 +0800
Hello oss-security,

I did some tests and found three bugs related to buffer overflow: one stack buffer overflow in thumbnail and two buffer overflows in bmp2tiff. Please let me know whether a CVE identifier number could be assigned.

Overview:
Running each PoC file crashes thumbnail and bmp2tiff made with AddressSanitizer in tiff-4.0.6. I have attached the PoC and log files.

Steps to Reproduce:
1) Download the source code of tiff-4.0.6 from (http://download.osgeo.org/libtiff/tiff-4.0.6.tar.gz) and compile it with gcc AddressSanitizer.
2) cd to the directory where the bmp2tiff made with ASan is and put a PoC there.
3) Run a PoC file with bmp2tiff made with AddressSanitizer (ASan) in tiff-4.0.6.
4) e.g.: ./bmp2tiff ./crashes/poc_745.bmp 1.tiff; ./bmp2tiff ./crashes/poc_775.bmp 1.tiff

Actual Results:
The applications thumbnail and bmp2tiff 4.0.6 crashed after running the PoC. ASan detects the crashes.

------------------
From Debug_Orz
Attachment:
thumbnail_bmp2tiff_pocs_logs.7z
Description:
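The reproduction steps in the report above can be scripted for triage. This is an added example, not part of the original post or of libtiff; it assumes the tarball is already unpacked in ./tiff-4.0.6 and the PoC files sit in ./crashes, and the function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example: rebuild tiff-4.0.6 with ASan and classify each PoC run.
# Assumed layout: ./tiff-4.0.6 (unpacked source), ./crashes/*.bmp (PoC files).

# build_asan SRCDIR: static build so the tools carry the instrumented libtiff.
build_asan() {
    ( cd "$1" &&
      ./configure --disable-shared CC=gcc \
          CFLAGS="-g -O1 -fno-omit-frame-pointer -fsanitize=address" \
          LDFLAGS="-fsanitize=address" &&
      make )
}

# classify_log LOGFILE: print the bug class from the first ASan error line,
# or "no-asan-report" when the log holds no ASan report.
classify_log() {
    class=$(sed -n 's/^.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*$/\1/p' "$1" | head -n 1)
    echo "${class:-no-asan-report}"
}

# run_poc TOOL POC: run "TOOL POC <scratch output>" and print "POC: class".
run_poc() {
    tool=$1
    poc=$2
    log=$(mktemp)
    out=$(mktemp)
    # A crashing tool exits non-zero; that is expected here, so ignore it.
    "$tool" "$poc" "$out" >/dev/null 2>"$log" || true
    echo "$(basename "$poc"): $(classify_log "$log")"
    rm -f "$log" "$out"
}

main() {
    build_asan ./tiff-4.0.6
    for poc in ./crashes/*.bmp; do
        run_poc ./tiff-4.0.6/tools/bmp2tiff "$poc"
    done
}

# Only build and run when asked to, so the functions can be sourced on their own.
if [ "${1:-}" = "--run" ]; then main; fi
```

The same run_poc call works for the thumbnail tool, which also takes an input and an output file; a result of "no-asan-report" after a fix is applied is the signal that the PoC no longer triggers the overflow.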
Current thread:
- 3 bugs refer to buffer overflow in libtiff 4.0.6 PXO???? (Apr 26)
- Re: 3 bugs refer to buffer overflow in libtiff 4.0.6 Jodie Cunningham (Apr 26)
- ?????? [oss-security] 3 bugs refer to buffer overflow in libtiff 4.0.6 PXO???? (Apr 27)
- Re: 3 bugs refer to buffer overflow in libtiff 4.0.6 Bob Friesenhahn (Apr 27)
- Re: 3 bugs refer to buffer overflow in libtiff 4.0.6 cve-assign (Jun 06)