oss-sec mailing list archives

Re: libtiff: multiple heap-based buffer overflow


From: Agostino Sarubbo <ago () gentoo org>
Date: Sat, 25 Mar 2017 15:11:02 +0100

On Sunday 01 January 2017 16:48:02 Agostino Sarubbo wrote:
Permalink:
https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow

# tiffcp -i $FILE /tmp/foo
==16440==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62500000e861 at pc 0x0000004531de bp 0x7ffd2aba5c30 sp 0x7ffd2aba53e0
READ of size 78490 at 0x62500000e861 thread T0
    #1 0x7f280456d37b in _tiffWriteProc /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_unix.c:115:23
This is CVE-2016-10268


# tiffcp -i $FILE /tmp/foo
==10398==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000eef4 at pc 0x0000004bc235 bp 0x7fff3ebfa700 sp 0x7fff3ebf9eb0
READ of size 512 at 0x60200000eef4 thread T0
    #1 0x7fcaf590cf0d in _TIFFmemcpy /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_unix.c:340:2
This is CVE-2016-10269

# tiffcp -i $FILE /tmp/foo
==15106==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000edd8 at pc 0x7f33918c5de3 bp 0x7ffc5abe6ba0 sp 0x7ffc5abe6b98
READ of size 8 at 0x60200000edd8 thread T0
    #0 0x7f33918c5de2 in TIFFFillStrip /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_read.c:523:22
This is CVE-2016-10270

# tiffcrop -i $FILE /tmp/foo
==9181==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x7fd3b2e277f8 at pc 0x7fd3b7a762cc bp 0x7ffffd6e2550 sp 0x7ffffd6e2548
READ of size 1 at 0x7fd3b2e277f8 thread T0
    #0 0x7fd3b7a762cb in _TIFFFax3fillruns /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_fax3.c:413:13
This is CVE-2016-10271

# tiffcrop -i $FILE /tmp/foo
==29649==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x62d00000a3fc at pc 0x0000004bc48c bp 0x7ffd6f23c680 sp 0x7ffd6f23be30
WRITE of size 2048 at 0x62d00000a3fc thread T0
    #1 0x7fcac5ac0033 in NeXTDecode /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_next.c:64:9
This is CVE-2016-10272



-- 
Agostino Sarubbo
Gentoo Linux Developer