oss-sec mailing list archives
Re: CVE requests: LibTIFF
From: Tomas Hoger <thoger () redhat com>
Date: Thu, 24 Jun 2010 15:38:27 +0200
On Thu, 24 Jun 2010 09:16:20 -0400 Dan Rosenberg wrote:
1. Out-of-bounds read in TIFFExtractData() may result in application crash (no reference, fixed upstream). Reported by Dan Rosenberg.Do you have any info on this? I don't see anything obviously related in changelog. TIFFExtractData itself and all its uses seem unchanged for years.Revision 1.92.2.9 of libtiff/tif_dirread.c added code for ensuring valid tag type information for each TIFF directory entry. Prior to this fix, unknown tag types would result in an out-of-bounds array index in TIFFExtractData() on any code path using this macro. Ubuntu security backported this fix as debian/patches/fix-unknown-tags.patch in their libtiff4 package.
So the reference is: http://bugzilla.maptools.org/show_bug.cgi?id=2210 -- Tomas Hoger / Red Hat Security Response Team
Current thread:
- CVE requests: LibTIFF Dan Rosenberg (Jun 23)
- Re: CVE requests: LibTIFF Tomas Hoger (Jun 24)
- Re: CVE requests: LibTIFF Dan Rosenberg (Jun 24)
- Re: CVE requests: LibTIFF Tomas Hoger (Jun 24)
- Re: CVE requests: LibTIFF Dan Rosenberg (Jun 29)
- Re: CVE requests: LibTIFF Tomas Hoger (Jun 29)
- Re: CVE requests: LibTIFF Dan Rosenberg (Jun 29)
- Re: CVE requests: LibTIFF Josh Bressers (Jun 30)
- Re: CVE requests: LibTIFF Dan Rosenberg (Jun 30)
- Re: CVE requests: LibTIFF Dan Rosenberg (Jun 24)
- Re: CVE requests: LibTIFF Tomas Hoger (Jun 24)
- <Possible follow-ups>
- Re: CVE requests: LibTIFF Josh Bressers (Jun 30)