Bug 2546 – CVE-2016-3658: libtiff 4.0.6 illegel read

Bug 2546 - CVE-2016-3658: libtiff 4.0.6 illegel read

Summary:

CVE-2016-3658: libtiff 4.0.6 illegel read

Status:	RESOLVED DUPLICATE of bug 2500

Product:	libtiff
Component:	default
Version:	unspecified
Platform:	PC Linux

Importance:	P1 critical
Target Milestone:	---
Assigned To:	Frank Warmerdam

URL:	http://www.openwall.com/lists/oss-sec...
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-05-01 05:26 by Henri Salo
Modified:	2016-10-25 15:18 (History)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note

You need to log in before you can comment on or make changes to this bug.

Description From Henri Salo 2016-05-01 05:26:19

Illegal read vulnerability has been reported in oss-security mailing list:
http://www.openwall.com/lists/oss-security/2016/04/08/12

Affected Versions: <= 4.0.6
Vulnerability Type: Illegel read
Credit: Kaixiang Zhang of the Cloud Security Team, Qihoo 360

Illegal read occurs in the TIFFWriteDirectoryTagLongLong8Array function in
tif_dirwrite.c when using tiffset command, which allows attackers to exploit
this issue to cause denial-of-service.

------- Comment #1 From Even Rouault 2016-10-08 14:06:56 -------

It would be great to attach the exploit file

------- Comment #2 From Even Rouault 2016-10-25 15:18:37 -------

Going through the open bugs in bugzilla make me think that this bug is a true
duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2500 . Closing that
one as #2500 has a reproducer attached

*** This bug has been marked as a duplicate of bug 2500 ***