lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALx_OUAzXp7rsHTLMp2oEobA88Vtapkgfp2+RZwVCqnbyReZdg@mail.gmail.com>
Date: Mon, 22 Dec 2014 11:48:05 -0800
From: Michal Zalewski <lcamtuf@...edump.cx>
To: Project Zero Labs <labs@...jectzero.gr>
Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD] CVE-2014-9330: Libtiff integer overflow in bmp2tiff

> Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow issue
> related to the dimensions of the input BMP image.

It's probably worth noting that although the bundled utilities are
pretty buggy, there are also several bugs affecting the libtiff
library itself that can be hit with afl if you clean up the
utility-level bugs first; these affect ImageMagick and any tools that
rely on libtiff to display untrusted images.

I reported some privately to the maintainers few weeks ago (before
your report, in fact), but haven't had a lot of success so far.
There's at least one other person who did the same.

/mz

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ