Re: tiff: CVE-2018-8905: heap-based buffer overflow in LZWDecodeCompat

To: 893806@bugs.debian.org
Cc: debian-lts@lists.debian.org
Subject: Re: tiff: CVE-2018-8905: heap-based buffer overflow in LZWDecodeCompat
From: Hugo Lefeuvre <hle@debian.org>
Date: Sun, 15 Apr 2018 15:57:50 -0400
Message-id: <[🔎] 20180415195750.GB3544@hle-laptop.local>

Hi,

I have successfully reproduced this issue in latest upstream master
branch and Buster but couldn't reproduce it neither in Wheezy nor in
Jessie or Stretch.

I am going to take a closer look, try to prepare a patch and declare
Wheezy, Jessie and Stretch unaffected if appropriate.

Regards,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: LTS report for March
Next by Date: Re: calibre / CVE-2018-7889
Previous by thread: LTS report for March
Next by thread: Re: tiff: CVE-2018-8905: heap-based buffer overflow in LZWDecodeCompat
Index(es):
- Date
- Thread