oss-sec mailing list archives

CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288)

From: chunibalon <chunibalon () gmail com>
Date: Tue, 31 Jan 2017 13:17:43 +0800

Hi:

        These issues were discovered via libtiff 4.0.7, however after
upstream analysis they were found that they are in netpbm(10.47.63)
       The url of bug tracker:
        http://bugzilla.maptools.org/show_bug.cgi?id=2654
        http://bugzilla.maptools.org/show_bug.cgi?id=2655
        Then I mailed the maintainer of netpbm and he promised fix them in
the next Netpbm Super Stable release (the release series I tested) at the
end of March.
       Could you please assign CVE id's for these?

Best Regards,
chunibalon of VARAS@IIE

Current thread:

CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon (Jan 30)
- Re: CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) cve-assign (Feb 01)
- <Possible follow-ups>
- CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288) chunibalon (Jan 30)