Created an attachment (id=708)
stacktrace

On 4.0.7:

tiffcp -i $FILE /tmp/foo

AddressSanitizer: heap-buffer-overflow /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/tools/tiffcp.c:1171:11 in cpStripToTile

Testcase:
https://github.com/asarubbo/poc/blob/master/00082-libtiff-heap-overflow-cpStripToTile
Fixed per:

2016-12-03 Even Rouault <even.rouault at spatialys.com>

	* tools/tiffcp.c: fix uint32 underflow/overflow that can cause
	heap-based buffer overflow.
	Reported by Agostino Sarubbo.
	Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610

/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1187; previous revision: 1.1186
/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v <-- tools/tiffcp.c
new revision: 1.59; previous revision: 1.58