http://bugzilla.opensuse.org/show_bug.cgi?id=1022790 Bug ID: 1022790 Summary: VUL-1: libtiff: Out-of-Bound read and write issues in put1bitbwtile()(tiff-4.0.7/libtiff/tif-getimage.c:1352 ) Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Ref: http://seclists.org/oss-sec/2017/q1/235 =============================================== Hi: These issues were discovered via libtiff 4.0.7, however after upstream analysis they were found that they are in netpbm(10.47.63) The url of bug tracker: http://bugzilla.maptools.org/show_bug.cgi?id=2654 http://bugzilla.maptools.org/show_bug.cgi?id=2655 Then I mailed the maintainer of netpbm and he promised fix them in the next Netpbm Super Stable release (the release series I tested) at the end of March. Could you please assign CVE id's for these? Best Regards, chunibalon of VARAS@IIE =============================================== https://software.opensuse.org/package/libtiff5 TW: 4.0.7 (official repo) 42.(1|2): 4.0.7 (official repo) -- You are receiving this mail because: You are on the CC list for the bug.