oss-sec mailing list archives
CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation
From: 张开翔 <zhangkaixiang () 360 cn>
Date: Wed, 15 Jun 2016 02:31:43 +0000
Details ======= Product: libtiff Affected Versions: <= 4.0.6 Vulnerability Type: illegel read Vendor URL: http://www.remotesensing.org/libtiff/ CVE ID: CVE-2016-5315 Credit: Kaixiang Zhang of the Cloud Security Team, Qihoo 360 Introduction ======= Read access violation occurred in function setByteArray in tif_dir.c, which allows attackers to result in DoS via a crafted TIFF image. Here is the stack info: gdb --args $tool/rgb2ycbcr id31.tif tmpout.tif --- --- (gdb) bt #0 _int_malloc (av=av@entry=0xb7d91780 <main_arena>, bytes=bytes@entry=29) at malloc.c:3728 #1 0xb7c3f44f in __GI___libc_malloc (bytes=29) at malloc.c:2914 #2 0xb7faa875 in _TIFFmalloc (s=29) at tif_unix.c:316 #3 0xb7e88d2d in setByteArray (elem_size=1, nmemb=<optimized out>, vp=0xbfffeab0, vpp=<optimized out>) at tif_dir.c:51 #4 _TIFFVSetField (tif=0x804e008, tag=270, ap=<optimized out>) at tif_dir.c:539 #5 0xb7e89fab in TIFFVSetField (tif=0x804e008, tag=270, ap=0xbfffea48 "\260\352\377\277\370\363\004\b") at tif_dir.c:820 #6 0xb7e8a094 in TIFFSetField (tif=0x804e008, tag=270) at tif_dir.c:764 #7 0x0804aa04 in tiffcvt (in=in@entry=0x804f148, out=out@entry=0x804e008) at rgb2ycbcr.c:339 (gdb) i r $ebx ebx 0x86868686 -2038004090 References: [1] http://www.remotesensing.org/libtiff/ Thank you! Best Regards,
Current thread:
- CVE-2016-5315: libtiff 4.0.6 tif_dir.c: setByteArray() Read access violation 张开翔 (Jun 14)