
Full Disclosure mailing list archives
Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Mon, 22 Dec 2014 11:48:05 -0800
Fuzzing bmp2tiff, using the afl-fuzzer, revealed an integer overflow issue related to the dimensions of the input BMP image.
It's probably worth noting that although the bundled utilities are pretty buggy, there are also several bugs affecting the libtiff library itself that can be hit with afl if you clean up the utility-level bugs first; these affect ImageMagick and any tools that rely on libtiff to display untrusted images. I reported some privately to the maintainers few weeks ago (before your report, in fact), but haven't had a lot of success so far. There's at least one other person who did the same. /mz _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- CVE-2014-9330: Libtiff integer overflow in bmp2tiff Project Zero Labs (Dec 22)
- Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Michal Zalewski (Dec 22)
- Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Paris Zoumpouloglou (Dec 22)
- Re: CVE-2014-9330: Libtiff integer overflow in bmp2tiff Michal Zalewski (Dec 22)