[Secure-testing-team] Bug#844226: tiff: potential read outside buffer in _TIFFPrintField()
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 13 16:07:22 UTC 2016
Source: tiff
Version: 4.0.6-3
Severity: normal
Tags: security upstream patch
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2590
Hi
There is a potential out-of-bounds read in _TIFFPrintField() as
described via http://bugzilla.maptools.org/show_bug.cgi?id=2590 :
It is fixed per:
> Fixed per
>
> 2016-11-11 Even Rouault <even.rouault at spatialys.com>
>
> * libtiff/tif_dirread.c: in TIFFFetchNormalTag(), make sure that
> values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII
> access are null terminated, to avoid potential read outside buffer
> in _TIFFPrintField().
> Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2590
I was not able to easily follow the reproducer on my test setup,
though from looking at the source it looks present as per 4.0.6-3
Debian source package.
Regards,
Salvatore
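
The bug class named in the changelog above, as an added example that is not part of the original message and is not libtiff code: a counted ASCII value read from a file may lack a trailing NUL, so a printer that treats it as a C string reads past the buffer. The helper names and the sample value are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libtiff code: length of a counted ASCII value,
 * looking at no more than `count` bytes. */
size_t ascii_value_len(const char *data, uint32_t count)
{
    const char *nul = count ? memchr(data, '\0', count) : NULL;
    return nul ? (size_t)(nul - data) : count;
}

/* Hypothetical helper: heap copy of the value that always ends in '\0',
 * whether or not the file supplied a terminator. Caller frees. */
char *ascii_value_terminated(const char *data, uint32_t count)
{
    size_t len = ascii_value_len(data, count);
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    if (len > 0)
        memcpy(out, data, len);
    out[len] = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample: a 4-byte ASCII value with no trailing NUL. */
    const char raw[4] = { 'A', 'B', 'C', 'D' };

    /* Bounded print: the precision caps the read at the counted length. */
    printf("bounded: %.*s\n", (int)ascii_value_len(raw, sizeof raw), raw);

    /* Terminate at load time, after which "%s" is safe. */
    char *s = ascii_value_terminated(raw, sizeof raw);
    if (s == NULL)
        return 1;
    printf("copied:  %s\n", s);
    free(s);
    return 0;
}
```

Terminating once at read time, as the quoted fix does, protects every later consumer; the bounded print only protects the one call site.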