http://bugzilla.opensuse.org/show_bug.cgi?id=1017689 Bug ID: 1017689 Summary: VUL-0: ibtiff: assertion failure in readSeparateTilesIntoBuffer (tiffcp.c) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q1/7 ============================================ Description: Libtiff is a software that provides support for the Tag Image File Format (TIFF), a widely used format for storing image data. A crafted tiff file revealed an assertion failure. The complete output: # tiffcp -i $FILE /tmp/foo tiffcp: /tmp/portage/media- libs/tiff-4.0.7/work/tiff-4.0.7/tools/tiffcp.c:1390: int readSeparateTilesIntoBuffer(TIFF *, uint8 *, uint32, uint32, tsample_t): Assertion `bps % 8 == 0' failed. Affected version: 4.0.7 Fixed version: N/A Commit fix: https://github.com/vadz/libtiff/commit/7ff9652da2eec4c65279dcbc7e55c0418e87b... Credit: This bug was discovered by Agostino Sarubbo of Gentoo. CVE: N/A Reproducer: https://github.com/asarubbo/poc/blob/master/00072-libtiff-assert-readSeparat... Timeline: 2016-11-23: bug discovered and reported to upstream 2016-12-03: upstream released a patch 2017-01-01: blog post about the issue Note: This bug was found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2017/01/01/libtiff-assertion-failure-in-readsep... -- Agostino Sarubbo Gentoo Linux Developer ============================================ https://software.opensuse.org/package/libtiff5 TW: 4.0.7 42.2: 4.0.6 42.1: 4.0.6 13.2: 4.0.7 -- You are receiving this mail because: You are on the CC list for the bug.