List:       oss-security
Subject:    Re: [oss-security] CVE requests: LibTIFF
From:       Josh Bressers <bressers () redhat ! com>
Date:       2010-06-30 19:49:10
Message-ID: 2051084446.1646871277927350977.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com

----- "Dan Rosenberg" <dan.j.rosenberg@gmail.com> wrote:

> There are three issues that I think are CVE-worthy and have not been
> assigned:

Thanks for the help, Dan. Here goes:

> 
> 1.  OOB read in TIFFExtractData() leading to crash (no reference,
> originally disclosed by me in this thread, fixed upstream with
> release 3.9.4 and security fix backported by Ubuntu).

CVE-2010-2481

> 
> 2.  NULL pointer dereference due to invalid td_stripbytecount leading
> to crash (distinct from CVE-2010-2443).  The upstream changelog entry
> for 3.9.4 reads:
> 
> 	* libtiff/tif_ojpeg.c (OJPEGReadBufferFill): Report an error and
> 	avoid a crash if the input file is so broken that the strip
> 	offsets are not defined.

CVE-2010-2482

> 
> 3.  OOB read in TIFFRGBAImageGet() leading to crash.  Reference:
> https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/591605

CVE-2010-2483

Thanks.

-- 
    JB