Re: CVE request: Information leak in LibTIFF

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> I would like to request a CVE number for an information leak in LibTIFF,
> specifically in the file libtiff/tif_read.c.
>
> The vulnerability allows an attacker to specify a negative index into the
> file-content buffer and copy data from that position until the end of the
> buffer.
>
> This will allow an attacker to crash the process by accessing unmapped
> memory and (depending on how LibTIFF is used) might also allow an attacker
> to leak sensitive information.
>
> The issue is fixed in CVS HEAD with the commit:
>
> revision 1.49
> date: 2016-07-10 20:00:21 +0200;  author: erouault;
> commitid: YhOZoKv5OA9gNNdz;
> * libtiff/tif_read.c: Fix out-of-bounds read on
> memory-mapped files in TIFFReadRawStrip1() and TIFFReadRawTile1()
> when stripoffset is beyond tmsize_t max value (reported by
> Mathias Svensson)

Use CVE-2016-6223.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXh9YEAAoJEHb/MwWLVhi2NZIP/AlJLMTfzlrz/si4ZZdxud9U
yJTUt7t/zzzH7oLx0rzZb+hivMp6Z5P5Cqhn8eVzTj+hOMFTaZek+sBaf034WKxN
qZyaVdu4VHs1gpJNJpP7t0toXdUmNMh2CKsx7PUEfrM73o+VeiwaWgG8UvuJO5vd
28sspVqmhtfOmsPtx6mnIabnHtZG0N4TE/FUVKF9mRp73xlxhxB3gkwAzAXy5sRh
R23M0qU5v5HkryvUvKoA0sQ3H6dgMDMqUE/Gq6B67t2Lm98E0DLPnayCn5x/Jkzf
IrNGI8e2yRjqggeXKO/SRfmZSR/1qM43vGuHeYbgn0ZOJPPrFIv9+BY9uN6fIfpH
ox5x2GXFVMp79Rwnea2ywy0Z6mCBLvmFCs8In2B4GxoVJ+MUVAuhyFUqctgrZ81L
5uphXH8KDhKiY5k/qa6T9j2eNz13Por3UvK0irEixsgaUQzEz3wNUy8mW56L0mB0
4sCZVlH5zt5/eIDHRWxHrbBR3Oo27R21ONVP2MJTthcVthCiLnMvZEcNOOp7//MR
1FWYp3qsPrc858j7ZWtyXvpROscv/ivN7V6xzPvjYal+qVs4RPexwJ3/pUn63fms
mEZdDlbzR7ecLPXRHksx99FgT9R/ETgugd1oYKwgCo+zVgCHGrJH3XvhQQsHgCK+
A/ao2iuPSnQu1eG2aUSi
=Bszf
-----END PGP SIGNATURE-----