oss-sec mailing list archives
CVE-2017-7593: libtiff: Potential unitialized-memory access from tif_rawdata
From: "Agostino Sarubbo" <ago () gentoo org>
Date: Mon, 10 Apr 2017 07:04:59 +0000
http://bugzilla.maptools.org/show_bug.cgi?id=2651 : It is possible to end up accessing un-intialized memory from tif_rawdata. A potential fix can be seen at: https://pdfium-review.googlesource.com/c/2150/ ################# Fixed per 2017-01-11 Even Rouault <even.rouault at spatialys.com> * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add_TIFFcalloc() * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero initialize tif_rawdata. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651 -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE-2017-7593: libtiff: Potential unitialized-memory access from tif_rawdata Agostino Sarubbo (Apr 10)