Re: CVE-2016-3631 - libtiff 4.0.6 illegel read

[Alan Coopersmith <alan.coopersmith () oracle com>]

On 04/ 8/16 12:12 AM, 张开翔 wrote:
> Details
> =======
>
> Product: libtiff
> Affected Versions: <= 4.0.6
> Vulnerability Type: Illegel read
> Vendor URL: http://www.libtiff.org/
> CVE ID: CVE-2016-3631
> Credit: Kaixiang Zhang of the Cloud Security Team, Qihoo 360
>
> Introduction
>
> Illegal read occurs in the cpStrips and cpTiles function in thumbnail.c in thumbnail allows attackers to exploit this 
> issue to cause denial-of-service.

While this CVE is not listed in the libtiff 4.0.7 release notes, that
version appears to resolve it via this release note item:
   'The libtiff tools rgb2ycbcr and thumbnail are only built in the build
    tree for testing.'

I still can't find a bug id specifically for this one in the libtiff bug
tracker, but for the similar CVE-2016-3634 this removal is listed as the
resolution in http://bugzilla.maptools.org/show_bug.cgi?id=2547 .

--
        -Alan Coopersmith-              alan.coopersmith () oracle com
         Oracle Solaris Engineering - http://blogs.oracle.com/alanc