[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tiff

.. follow up of [🔎] 20190212073152.GA2261@behemoth.owl.eu.com.local

otherwise tests went fine.

one more comment:

> +  * Non-maintainer upload by the LTS Team.
> +  * Fix CVE-2018-19210: NULL pointer dereference
> +    There is a NULL pointer dereference in the TIFFWriteDirectorySec function
> +    in tif_dirwrite.c that will lead to a denial of service attack, as
> +    demonstrated by tiffset.
> +  * Fix CVE-2018-17000: NULL pointer dereference
> +    A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called
> +    from TIFFWriteDirectoryTagTransferfunction) allows an attacker
> +    to cause a denial-of-service through a crafted tiff file. This vulnerability
> +    can be triggered by the executable tiffcp.

This patch is actually the one for CVE-2019-7663, which happens to also
fix CVE-2018-17000 (not confirmed by upstream yet?). I suggest to mention
CVE-2019-7663 here. :)



                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: