[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] libtiff: multiple divide-by-zero
From: Agostino Sarubbo <ago () gentoo ! org>
Date: 2017-03-25 13:57:07
Message-ID: 6627125.qZ1aFFj61H () arcadia
[Download RAW message or body]
On Sunday 01 January 2017 16:46:12 Agostino Sarubbo wrote:
> Permalink:
> https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero
> # tiffcp $FILE /tmp/foo
> ==12079==ERROR: AddressSanitizer: FPE on unknown address 0x7fd319436251 (pc
> 0x7fd319436251 bp 0x7fff851e3d80 sp 0x7fff851e3d30 T0)
> #0 0x7fd319436250 in TIFFReadEncodedStrip /tmp/portage/media-
> libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_read.c:351:22
This is CVE-2016-10266
> # tiffmedia $FILE /tmp/foo
> ==28106==ERROR: AddressSanitizer: FPE on unknown address 0x7faeae7f744e (pc
> 0x7faeae7f744e bp 0x7ffceab45e40 sp 0x7ffceab45ce0 T0)
> #0 0x7faeae7f744d in OJPEGDecodeRaw /tmp/portage/media-
> libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_ojpeg.c:816:8
This is CVE-2016-10267
--
Agostino Sarubbo
Gentoo Linux Developer
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic