[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] libtiff: multiple divide-by-zero
From:       Agostino Sarubbo <ago () gentoo ! org>
Date:       2017-03-25 13:57:07
Message-ID: 6627125.qZ1aFFj61H () arcadia
[Download RAW message or body]

On Sunday 01 January 2017 16:46:12 Agostino Sarubbo wrote:
> Permalink:
> https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero

> # tiffcp $FILE /tmp/foo
> ==12079==ERROR: AddressSanitizer: FPE on unknown address 0x7fd319436251 (pc
> 0x7fd319436251 bp 0x7fff851e3d80 sp 0x7fff851e3d30 T0)
>     #0 0x7fd319436250 in TIFFReadEncodedStrip /tmp/portage/media-
> libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_read.c:351:22

This is CVE-2016-10266
 

> # tiffmedia $FILE /tmp/foo
> ==28106==ERROR: AddressSanitizer: FPE on unknown address 0x7faeae7f744e (pc
> 0x7faeae7f744e bp 0x7ffceab45e40 sp 0x7ffceab45ce0 T0)
>     #0 0x7faeae7f744d in OJPEGDecodeRaw /tmp/portage/media-
> libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_ojpeg.c:816:8

This is CVE-2016-10267

-- 
Agostino Sarubbo
Gentoo Linux Developer
[prev in list] [next in list] [prev in thread] [next in thread]