oss-sec mailing list archives

CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format

From: Mathias Svensson <idolf () google com>
Date: Wed, 29 Jun 2016 14:08:14 +0200

Hello oss-security,

I would like to request a CVE number for a heap-based buffer overflow in
LibTIFF in the file libtiff/tif_pixarlog.c. The vulnerability allows an
attacker to control the size of the allocated heap-buffer while
independently controlling the data to be written to the buffer with no
restrictions on the size of the written data.

The bug seems to be at least superficially related to CVE-2012-4447,
however this vulnerability seems to be a separate issue and not just a case
of an insufficient fix.

The issue is fixed in CVS HEAD with the commit:

revision 1.44
date: 2016-06-28 17:12:19 +0200;  author: erouault;  state: Exp;  lines: +9
-1;  commitid: 2SqWSFG5a8Ewffcz;
* libtiff/tif_pixarlog.c: fix potential buffer write overrun in
PixarLogDecode() on corrupted/unexpected images (reported by Mathias
Svensson)


Kind regards,
Mathias Svensson, Google Security Team

Current thread:

CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format Mathias Svensson (Jun 29)
- Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format cve-assign (Jun 29)
  - Re: Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format ncl () cock li (Jun 29)