Mailinglist Archive: opensuse-bugs (4227 mails)

< Previous Next >
[Bug 1017689] New: VUL-0: ibtiff: assertion failure in readSeparateTilesIntoBuffer (tiffcp.c)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Sun, 01 Jan 2017 17:55:50 +0000
  • Message-id: <bug-1017689-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1017689


Bug ID: 1017689
Summary: VUL-0: ibtiff: assertion failure in
readSeparateTilesIntoBuffer (tiffcp.c)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Ref: http://seclists.org/oss-sec/2017/q1/7
============================================
Description:
Libtiff is a software that provides support for the Tag Image File Format
(TIFF), a widely used format for storing image data.

A crafted tiff file revealed an assertion failure.

The complete output:

# tiffcp -i $FILE /tmp/foo
tiffcp: /tmp/portage/media-
libs/tiff-4.0.7/work/tiff-4.0.7/tools/tiffcp.c:1390:
int readSeparateTilesIntoBuffer(TIFF *, uint8 *, uint32, uint32, tsample_t):
Assertion `bps % 8 == 0' failed.

Affected version:
4.0.7

Fixed version:
N/A

Commit fix:
https://github.com/vadz/libtiff/commit/7ff9652da2eec4c65279dcbc7e55c0418e87bbc8

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
N/A

Reproducer:
https://github.com/asarubbo/poc/blob/master/00072-libtiff-assert-readSeparateTilesIntoBuffer

Timeline:
2016-11-23: bug discovered and reported to upstream
2016-12-03: upstream released a patch
2017-01-01: blog post about the issue

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2017/01/01/libtiff-assertion-failure-in-readseparatetilesintobuffer-tiffcp-c

--
Agostino Sarubbo
Gentoo Linux Developer
============================================

https://software.opensuse.org/package/libtiff5

TW: 4.0.7
42.2: 4.0.6
42.1: 4.0.6
13.2: 4.0.7

--
You are receiving this mail because:
You are on the CC list for the bug.
< Previous Next >
Follow Ups