oss-sec mailing list archives
Re: CVE request: Heap-based buffer overflow in LibTIFF when using the PixarLog compression format
From: cve-assign () mitre org
Date: Wed, 29 Jun 2016 10:29:13 -0400 (EDT)
heap-based buffer overflow in LibTIFF in the file libtiff/tif_pixarlog.c. The vulnerability allows an attacker to control the size of the allocated heap-buffer while independently controlling the data to be written to the buffer with no restrictions on the size of the written data.

revision 1.44
date: 2016-06-28 17:12:19 +0200; author: erouault; commitid: 2SqWSFG5a8Ewffcz;
* libtiff/tif_pixarlog.c: fix potential buffer write overrun in PixarLogDecode() on corrupted/unexpected images (reported by Mathias Svensson)
Use CVE-2016-5875.

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
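
An added illustration, not part of the message above and not LibTIFF code: the bug class described is a buffer whose allocation size and write length come from separate untrusted inputs, and the usual fix is to record the capacity at allocation and check every write against it. All names (`toy_decoder`, `toy_setup`, `toy_decode_unchecked`, `toy_decode_checked`) are hypothetical, and `memcpy` stands in for the decompressor's output step.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical decoder state; not libtiff's real structure. */
typedef struct {
    uint16_t *tbuf;     /* scratch buffer for decoded samples */
    size_t    tbuf_len; /* capacity in samples, recorded at allocation */
} toy_decoder;

/* Allocation size is derived from image header fields (untrusted input). */
int toy_setup(toy_decoder *d, uint32_t width, uint32_t rows, uint32_t stride)
{
    uint64_t n = (uint64_t)width * rows; /* cannot overflow 64 bits */
    memset(d, 0, sizeof *d);
    if (n == 0 || stride == 0 || n > (SIZE_MAX / sizeof(uint16_t)) / stride)
        return -1; /* reject empty or overflowing sizes */
    d->tbuf = calloc((size_t)(n * stride), sizeof(uint16_t));
    d->tbuf_len = d->tbuf ? (size_t)(n * stride) : 0;
    return d->tbuf ? 0 : -1;
}

/* 'Before' pattern: write length is never compared with the allocation. Never called here. */
int toy_decode_unchecked(toy_decoder *d, const uint16_t *src, size_t nsamples)
{
    memcpy(d->tbuf, src, nsamples * sizeof(uint16_t));
    return 0;
}

/* 'After' pattern: refuse any write larger than the recorded capacity. */
int toy_decode_checked(toy_decoder *d, const uint16_t *src, size_t nsamples)
{
    if (d->tbuf == NULL || nsamples > d->tbuf_len)
        return -1;
    memcpy(d->tbuf, src, nsamples * sizeof(uint16_t));
    return 0;
}

int main(void)
{
    uint16_t src[25] = {0}; /* constructed sample data */
    toy_decoder d;
    if (toy_setup(&d, 4, 2, 3) != 0) return 1; /* capacity: 24 samples */
    int ok = toy_decode_checked(&d, src, 24) == 0 &&
             toy_decode_checked(&d, src, 25) == -1;
    free(d.tbuf);
    return ok ? 0 : 1;
}
```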