On 09/23/2012 08:29 AM, Solar Designer wrote:
> "libtiff 4.0.3 brings "various memory buffer access fixes". Does
> it fix more than CVE-2012-3401?"
to which I have no answer. The change log does in fact mention
"Various memory buffer access fixes." as the very first change
listed for libtiff. Perhaps someone should review code changes.
I had a look at the libtiff-4.0.3 commit logs and found one issue
which seems to bring a possibility of heap-based buffer overflow
when using a tiff file with PixarLog compression format.
More details at:
https://bugzilla.redhat.com/show_bug.cgi?id=860198
Though the memory overwrite outside the heap buffer is only a few
bytes, one cannot really rule out possible arbitrary code
execution.
Can a CVE id please be assigned to the above flaw?
Found two other commits which seemed interesting, but I don't think
they could cause arbitrary code execution and I don't want to call
them security flaws.
1. OOB read crash in tif_packbits.c
2. Memory not properly initialised in tif_fax3.c. Again, this one was
partly fixed in 4.0.2 and completely fixed in 4.0.3.
If anyone else wants to investigate these in more details, please
be my guest :)
Thanks!