Bug ID | 1011103 |
---|---|
Summary | VUL-0: CVE-2016-9448: CVE-2016-9297 LibTIFF regression |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.1 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | mikhail.kasimov@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |

Reference: [1] http://seclists.org/oss-sec/2016/q4/460

[1]

==================================================

CVE-2016-9297 vulnerability reported in http://bugzilla.maptools.org/show_bug.cgi?id=2590 had a regression, which is fixed in http://bugzilla.maptools.org/show_bug.cgi?id=2593 by Even Rouault.

Fixed per

2016-11-16 Even Rouault <even.rouault at spatialys.com>

* libtiff/tif_dirread.c: in TIFFFetchNormalTag(), do not dereference NULL pointer when values of tags with TIFF_SETGET_C16_ASCII / TIFF_SETGET_C32_ASCII access are 0-byte arrays. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2593 (regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297). Reported by Henri Salo.

/cvs/maptools/cvsroot/libtiff/ChangeLog,v <-- ChangeLog
new revision: 1.1163; previous revision: 1.1162

/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v <-- libtiff/tif_dirread.c
new revision: 1.204; previous revision: 1.203

--
Henri Salo

==================================================

[2] Initial report for CVE-2016-9297: https://bugzilla.opensuse.org/show_bug.cgi?id=1010161