| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
An out-of-bounds write vulnerability has been discovered caused by a memcpy call without proper bounds checks. A malicious tiff file handled by tiff2pdf will cause an illegal write to a potentially attacker controlled target address. |
|
| References |
| + |
http://bugzilla.maptools.org/show_bug.cgi?id=2579 |
| + |
http://www.openwall.com/lists/oss-security/2016/09/29/ |
|
| Notes |
| + |
FIXED: |
| + |
2016-10-08 Even Rouault <even.rouault at spatialys.com> |
| + |
tools/tiff2pdf.c: fix read -largely- outsize of buffer in t2p_readwrite_pdf_image_tile(), causing crash, when reading a JPEG compressed image with TIFFTAG_JPEGTABLES length being one. Reported as MSVR 35101 by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team. CVE-2016-9453 |
|