Source: tiff Version: 4.0.6-3 Severity: normal Tags: security upstream patch Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2592
Hi See http://bugzilla.maptools.org/show_bug.cgi?id=2592 and http://www.openwall.com/lists/oss-security/2016/11/11/14 . It is reproducible with an ASAN build and the reproducer attached to the upstream bugreport. No CVE has beeen assigned yet; though maybe will not since seems to affect only the tiffcrop tool. Please adjust the affected versions as needed. Regards, Salvatore