[Secure-testing-team] Bug#844057: tiff: Heap buffer overflow via writeBufferToSeparateStrips tiffcrop.c:1170

Salvatore Bonaccorso carnil at debian.org
Sat Nov 12 05:37:00 UTC 2016


Source: tiff
Version: 4.0.6-3
Severity: normal
Tags: security upstream patch
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2592

Hi

See http://bugzilla.maptools.org/show_bug.cgi?id=2592 and
http://www.openwall.com/lists/oss-security/2016/11/11/14 . It is
reproducible with an ASAN build and the reproducer attached to the
upstream bug report.

No CVE has been assigned yet, though maybe one will not be, since it seems to
affect only the tiffcrop tool.

Please adjust the affected versions as needed.

Regards,
Salvatore


