oss-sec mailing list archives
Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6
From: Jodie Cunningham <jodie.cunningham () gmail com>
Date: Tue, 26 Apr 2016 23:26:13 -0500
On Tue, Apr 26, 2016 at 10:36 PM, PXO炳林 <271193918 () qq com> wrote:
Hello oss-security, I did some test and found three bugs refer to buffer overflow: one stack buffer overflow in thumbnail and two buffer overflows in bmp2tiff. Please let me know whether CVE Identifier number could be assigned. Overview: Running each poc file crashes thumbnail and bmp2tiff made with AddressSanitizer in tiff-4.0.6. I have attached poc and log files . ------------------ From Debug_Orz
Is there a patch upstream?
Current thread:
- 3 bugs refer to buffer overflow in in libtiff 4.0.6 PXO???? (Apr 26)
- Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Jodie Cunningham (Apr 26)
- ?????? [oss-security] 3 bugs refer to buffer overflow in in libtiff 4.0.6 PXO???? (Apr 27)
- Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Bob Friesenhahn (Apr 27)
- Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 cve-assign (Jun 06)
- Re: 3 bugs refer to buffer overflow in in libtiff 4.0.6 Jodie Cunningham (Apr 26)