oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352) and putgreytile()(tiff-4.0.7/libtiff/tif-getimage.c:1288)

From: <cve-assign () mitre org>
Date: Thu, 2 Feb 2017 00:49:41 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


they are in netpbm(10.47.63)



http://bugzilla.maptools.org/show_bug.cgi?id=2654
http://bugzilla.maptools.org/show_bug.cgi?id=2655



netpbm calls TIFFRGBAImageGet with width and
height parameters switched because it looks at the TIFF orientation tag and
thinks that TIFFRGBAImageGet will do a transposition

assumption is violated here when switching width and height as the width passed
to TIFFRGBAImageGet becomes 32800 which is greater than the original width of
32


Use CVE-2017-5849 for both 2654 and 2655.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYksbdAAoJEHb/MwWLVhi2mgoP/j2QykW5WoefH+BF9ah0jCGD
KoDC6fM9Xcz5dH0pr3bYSDC6X8nwUJKmRCRZSNJ1Y4ATP4JmqoG7kLcZNxF1q1YK
l9cWoqdn14JpiLH125y5IcQTbMjsIU4ED2OnfJ65u3vuRizyDmmsrcWHExcFGjS5
+EJmZK1CLsStTZTNBlxc3m2/aObxSTYR5eFvgza1Regk2q+GmIZWQd3VRQBuMDAm
nK32FOWt4Ace9djcxrqkWz4+bdz70JoQZaBBloe/DFkqwE3/TBBbWMf+bn584vLr
nP7gxrjfI9M/B2/Ac7WBT8POw//bo25C0X0LJlSnLjVmIiTcXjGnlMe87thNHJkQ
Lxsg5OnZOhZZvQgpz61567eDX5h9xv7U51ebS59qFpD4yp63znV9tA8DtiZ9WKxn
5e28tfxAABzDWclUJEx6/kobNKytgyTvvPbIrKo75b9FvoYE9lXDLW0eR6fk745Q
0GyP4wptvbPga5aNZpCOBbq9IwXm2yNCGbUvSLNMm+ZPPo80Fs1sBdX26bvTqV0k
FRC0jbp/bcGdC7vSWja3XS9YJSHAZdhlNXFF1sxf+H1Ia5SiYMFWNTyYYER34DZN
EW4RxC0I+pEBsvV6fbznEKo2Abn8AqiyIxJ5orKsie5KOg73vHCx3KMWLPP2HOaW
RZ1j4Wy9tBaf0S+AMiFc
=wfq9
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: