oss-sec mailing list archives
CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c
From: "Agostino Sarubbo" <ago () gentoo org>
Date: Mon, 10 Apr 2017 07:06:05 +0000
http://bugzilla.maptools.org/show_bug.cgi?id=2659 : In tif_ojpeg.c, in OJPEGReadHeaderInfoSecTablesDcTable, we have rb=_TIFFmalloc(ra). After, values for rb are filled out. Then there is an if (p!=q) return 0, which goes before the line sp->dctable[m]=rb; Therefore, clearly rb is leaking every time the if (p!=q) is entered, since memory is allocated but it is not even assigned anywhere. Our fix: https://pdfium-review.googlesource.com/c/2176/ ################## Patch applied per 2017-01-12 Even Rouault <even.rouault at spatialys.com> * libtiff/tif_ojpeg.c: fix leak in OJPEGReadHeaderInfoSecTablesAcTable when read fails. Patch by Nicolás Peña. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2659 -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- CVE-2017-7594: libtiff: Direct leak in tif_ojpeg.c Agostino Sarubbo (Apr 10)