Created an attachment (id=712) [details]
stacktrace

On 4.0.7:

# tiffcrop -i $FILE /tmp/foo
AddressSanitizer: heap-buffer-overflow /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_fax3.c:413:13 in _TIFFFax3fillruns

Testcase:
https://github.com/asarubbo/poc/blob/master/00100-libtiff-heapoverflow-_TIFFFax3fillruns

Fixed per:

2016-12-03 Even Rouault <even.rouault at spatialys.com>

        * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore) mode so
        that the output buffer is correctly incremented to avoid write outside bounds.
        Reported by Agostino Sarubbo.
        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620

/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
new revision: 1.1178; previous revision: 1.1177
/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
new revision: 1.47; previous revision: 1.46

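An illustration of the bug class named in the ChangeLog entry above, added here and not taken from tiffcrop.c: a strip-reading loop in ignore-errors mode whose output position must advance by the strip size even when a strip fails to decode. The decoder stub, the sizes, the corrupt-strip input and the assumption that the unfixed loop advanced by the decoder's return value are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define NSTRIPS   4u
#define STRIPSIZE 8u

/* Hypothetical decoder stub: fills one strip, or returns -1 for a corrupt
 * one. Constructed input: strip 0 is corrupt. */
static long decode_strip(unsigned strip, unsigned char *dst)
{
    if (strip == 0)
        return -1;
    memset(dst, 'A' + (int)strip, STRIPSIZE);
    return (long)STRIPSIZE;
}

/* Read every strip in ignore-errors mode, tracking the output position as
 * an offset so it can be bounds-checked before each write.
 * fixed == 0: advance by the decoder's return value (assumed unfixed rule).
 * fixed == 1: advance by the strip size whether or not the decode failed.
 * Returns 0 on success, -1 if a strip would land outside buf. */
static int read_strips(unsigned char *buf, size_t buflen, int fixed)
{
    long off = 0;
    unsigned s;

    memset(buf, 0, buflen);
    for (s = 0; s < NSTRIPS; s++) {
        long n;
        if (off < 0 || (size_t)off + STRIPSIZE > buflen)
            return -1;              /* refuse the out-of-bounds write */
        n = decode_strip(s, buf + off);
        off += fixed ? (long)STRIPSIZE : n;
    }
    return 0;
}
```

With the constructed input, the return-value stepping rule moves the offset to -1 after the first failed strip and the bounds check rejects the next write; the strip-size rule leaves the failed strip zero-filled and places the remaining strips at their own offsets.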
*** Bug 2622 has been marked as a duplicate of this bug. ***