Created an attachment (id=790)

Triggered by "./tiff2ps $POC" or "./tiff2pdf $POC".

The ASan debug information is below:

$ ./tiff2ps $POC
=================================================================
==26627==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 1792 byte(s) in 7 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea (<unknown module>)

Indirect leak of 170491316224 byte(s) in 223 object(s) allocated from:
    #0 0x7f7c4f1a19aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa)
    #1 0x7f7c4dca72fd (/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd)
    #2 0x3ea (<unknown module>)

SUMMARY: AddressSanitizer: 170491318016 byte(s) leaked in 230 allocation(s).

Affected version: <= the latest version (4.0.8)

Credits: This vulnerability was detected by team OWL337 with our custom fuzzer collAFL. Please contact ganshuitao@gmail.com and chaoz@tsinghua.edu.cn if you need more info about the team, the tool or the vulnerability.
Fixed per

2017-06-26 Even Rouault <even.rouault at spatialys.com>

    * libtiff/tif_jbig.c: fix memory leak in error code path of JBIGDecode()
    Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2706
    Reported by team OWL337

/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1254; previous revision: 1.1253
/cvs/maptools/cvsroot/libtiff/libtiff/tif_jbig.c,v <-- libtiff/tif_jbig.c
new revision: 1.16; previous revision: 1.15
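The bug class behind this report, an allocation that is released on the success path but not on the error return of a decoder, is easy to reproduce in miniature. The following is an added example and is not libtiff's or JBIG-KIT's code; the decoder state, the dec_init/dec_in/dec_free functions and the two-byte "magic" check are all hypothetical stand-ins. It keeps a live-allocation counter so the leak is observable without a sanitizer, and shows the leaky error path next to the fixed one where every exit frees the state.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not libtiff or JBIG-KIT code. All names are hypothetical.
 * It models a decoder that allocates per-call state and, before the fix,
 * returned early on a decode error without releasing that state. */

/* Live-allocation counter so the leak is visible without ASan/LSan. */
static int live_allocs = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p) live_allocs++;
    return p;
}

static void tracked_free(void *p) {
    if (p) live_allocs--;
    free(p);
}

/* Stand-in for decoder state that owns a heap-allocated work buffer. */
typedef struct {
    unsigned char *scratch;
} dec_state;

static int dec_init(dec_state *s) {
    s->scratch = tracked_malloc(256);
    return s->scratch ? 0 : -1;
}

static void dec_free(dec_state *s) {
    tracked_free(s->scratch);
    s->scratch = NULL;
}

/* Toy "decode": accepts a stream only if it starts with a 2-byte magic
 * (hypothetical). Returns 0 on success, -1 on a malformed stream. */
static int dec_in(dec_state *s, const unsigned char *buf, size_t len) {
    if (len < 2 || buf[0] != 0x4A || buf[1] != 0x42) return -1;
    memset(s->scratch, 0, 256);   /* pretend to decode into the buffer */
    return 0;
}

/* Before the fix: the error path returns without dec_free(). */
int decode_leaky(const unsigned char *buf, size_t len) {
    dec_state s;
    if (dec_init(&s) != 0) return -1;
    if (dec_in(&s, buf, len) != 0) {
        return -1;               /* leak: s.scratch is never freed */
    }
    dec_free(&s);
    return 0;
}

/* After the fix: the state is released on both the success and error paths. */
int decode_fixed(const unsigned char *buf, size_t len) {
    dec_state s;
    if (dec_init(&s) != 0) return -1;
    int rc = dec_in(&s, buf, len);
    dec_free(&s);                /* runs regardless of rc */
    return rc;
}

int live_allocations(void) { return live_allocs; }

/* Constructed inputs: BAD_STREAM has the wrong magic so dec_in() fails,
 * GOOD_STREAM has the right magic so it succeeds. */
const unsigned char BAD_STREAM[3]  = { 0x00, 0x00, 0x00 };
const unsigned char GOOD_STREAM[3] = { 0x4A, 0x42, 0x00 };

int main(void) {
    decode_fixed(BAD_STREAM, sizeof BAD_STREAM);
    printf("after fixed decode of bad input: %d live allocation(s)\n",
           live_allocations());
    decode_leaky(BAD_STREAM, sizeof BAD_STREAM);
    printf("after leaky decode of bad input: %d live allocation(s)\n",
           live_allocations());
    return 0;
}
```

Building this with `-fsanitize=address -g` and running it reproduces the shape of the report above: LeakSanitizer runs at process exit and attributes the leaked block to the malloc inside dec_init() on the error path of decode_leaky(), while decode_fixed() leaves nothing behind. Fuzzing a decoder with malformed inputs, as OWL337 did here, exercises exactly these early-return paths, which is why error-path leaks tend to surface under a fuzzer rather than in normal use.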
CVE-2017-9936 has been assigned for this.