AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2017.05.31 07:23 "[Tiff] Remaining TIFF security issues", by Havard Eidnes
2017.05.31 08:49 "Re: [Tiff] Remaining TIFF security issues", by Even Rouault
2017.06.01 12:52 "Re: [Tiff] Remaining TIFF security issues", by Even Rouault

2017.05.31 07:23 "[Tiff] Remaining TIFF security issues", by Havard Eidnes

Hi,

first let me express great gratitude for the release of tiff 4.0.8; it allowed me to remove quite a few patches from our package, and solves many security issues and bugs.

We try to keep tabs on unsolved reported security issues in packages, and there appears to be a pair which remain unsolved even after the update to 4.0.8, so I thought I would nudge you guys to take a closer look:

 * https://nvd.nist.gov/vuln/detail/CVE-2015-7554

   The segmentation fault reported with the test image is
   still reproducible, something I've verified. Not sure if
   there is a bugid open for this one.

 * https://nvd.nist.gov/vuln/detail/CVE-2016-10095

   The test case on GitHub still produces a SEGV, so this one
   appears to still be unfixed. Also bugid 2625.

Best regards,

- Håvard