Created an attachment (id=717): stacktrace

On 4.0.7:

# tiffsplit $FILE
AddressSanitizer: stack-buffer-overflow /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/libtiff/tif_dir.c:1077:29 in _TIFFVGetField

Testcase: https://github.com/asarubbo/poc/blob/master/00104-libtiff-stackoverflow-_TIFFVGetField
This is very similar to http://bugzilla.maptools.org/show_bug.cgi?id=2564, and in the same class of issues as http://bugzilla.maptools.org/show_bug.cgi?id=2580
(In reply to comment #1)
> This is very similar to http://bugzilla.maptools.org/show_bug.cgi?id=2564, and
> in the same class of issues as
> http://bugzilla.maptools.org/show_bug.cgi?id=2580

For completeness, both attached testcases in 2564 do not work for me on 4.0.7
CVE-2015-7554 = #2584 / #2586
CVE-2016-5318 = #2561, which says same root cause as #2564

Now this bug, and it is not clear if all 5 tickets are the same vuln or have enough distinguishing characteristics to be considered different.
Oh, and this ticket is assigned CVE-2016-10095 via the Debian ticket: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850316
Fixed per http://bugzilla.maptools.org/show_bug.cgi?id=2580