oss-sec mailing list archives

CVE-2017-7593: libtiff: Potential unitialized-memory access from tif_rawdata

From: "Agostino Sarubbo" <ago () gentoo org>
Date: Mon, 10 Apr 2017 07:04:59 +0000

http://bugzilla.maptools.org/show_bug.cgi?id=2651 :

It is possible to end up accessing un-intialized memory from tif_rawdata. A
potential fix can be seen at: https://pdfium-review.googlesource.com/c/2150/

#################

Fixed per 

2017-01-11 Even Rouault <even.rouault at spatialys.com>

        * libtiff/tiffio.h, tif_unix.c, tif_win32.c, tif_vms.c: add_TIFFcalloc()

        * libtiff/tif_read.c: TIFFReadBufferSetup(): use _TIFFcalloc() to zero
        initialize tif_rawdata.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2651

--
Agostino Sarubbo
Gentoo Linux Developer

Current thread:

CVE-2017-7593: libtiff: Potential unitialized-memory access from tif_rawdata Agostino Sarubbo (Apr 10)