You need to log in before you can comment on or make changes to this bug.
Hello, out-of-bounds write in loadImage() in tiffcrop tool vulnerability has been reported in: http://www.openwall.com/lists/oss-security/2016/04/12/3 Affected Versions: <= 4.0.6 Tested system: CentOS Linux release 7.1.1503 64bit Vulnerability Type: out-of-bounds write Credit: Kaixiang Zhang of the Cloud Security Team, Qihoo 360
Created an attachment (id=663) [details] Patch taken from http://vault.centos.org/7.2.1511/updates/Source/SPackages/libtiff-4.0.3-25.el7_2.src.rpm
Would be good to have access to the _TIFFfree.tif src1.tif files of the report
Created an attachment (id=668) [details] CVE-2016-3991 File received from advisory author. MD5: 40d9b0af462e73f86accbeebce67114f SHA1: 4b3e6d4631fc3bf796d94739610a437a95462e71 http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
Fixed per 2016-08-15 Even Rouault <even.rouault at spatialys.com> * tools/tiffcrop.c: Fix out-of-bounds write in loadImage(). From patch libtiff-CVE-2016-3991.patch from libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543) /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v <-- tools/tiffcrop.c new revision: 1.38; previous revision: 1.37
*** Bug 2560 has been marked as a duplicate of this bug. ***
*** Bug 2573 has been marked as a duplicate of this bug. ***