You need to log in before you can comment on or make changes to this bug.
Hello, out-of-bounds write vulnerability in horizontalDifference8() in tiffcp tool has been reported in: http://www.openwall.com/lists/oss-security/2016/04/12/2 Affected Versions: <= 4.0.6 Tested system: CentOS Linux release 7.1.1503 64bit Vulnerability Type: out-of-bounds write Credit: Kaixiang Zhang of the Cloud Security Team, Qihoo 360
Created an attachment (id=661) [details] Patch taken from http://vault.centos.org/7.2.1511/updates/Source/SPackages/libtiff-4.0.3-25.el7_2.src.rpm
It would be good to have access to the poc.tif and src1.tif files of the original report to check the fix.
Created an attachment (id=662) [details] Patch taken from http://vault.centos.org/7.2.1511/updates/Source/SPackages/libtiff-4.0.3-25.el7_2.src.rpm
Fixed per: 2016-08-15 Even Rouault <even.rouault at spatialys.com> * libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode if more input samples are provided than expected by PixarLogSetupEncode. Idea based on libtiff-CVE-2016-3990.patch from libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and simpler check. (bugzilla #2544) /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v <-- libtiff/tif_pixarlog.c new revision: 1.46; previous revision: 1.45