[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE requests: LibTIFF
From: Josh Bressers <bressers () redhat ! com>
Date: 2010-06-30 19:49:10
Message-ID: 2051084446.1646871277927350977.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- "Dan Rosenberg" <dan.j.rosenberg@gmail.com> wrote:
> There are three issues that I think are CVE-worthy and have not been
> assigned:
Thanks for the help Dan. Here goes:
>
> 1. OOB read in TIFFExtractData() leading to crash (no reference,
> originally disclosed by me in this thread, fixed upstream with
> release
> 3.9.4 and security fix backported by Ubuntu).
CVE-2010-2481
>
> 2. NULL pointer dereference due to invalid td_stripbytecount leading
> to crash (distinct from CVE-2010-2443). The upstream changelog entry
> for 3.9.4 reads:
>
> * libtiff/tif_ojpeg.c (OJPEGReadBufferFill): Report an error and
> avoid a crash if the input file is so broken that the strip
> offsets are not defined.
CVE-2010-2482
>
> 3. OOB read in TIFFRGBAImageGet() leading to crash. Reference:
> https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605
CVE-2010-2483
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic