** Information type changed from Private Security to Public Security
** Changed in: tiff (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to tiff in Ubuntu.
https://bugs.launchpad.net/bugs/1762418
Title:
Multiple heap-buffer-overflow in tiff-4.0.9
Status in tiff package in Ubuntu:
Confirmed
Bug description:
Dear all,
The following tiff2ps memory issues were found by a modified version of the
kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the crashing
inputs, each ASAN report and each ASAN report in "halt_on_error=false" mode to
this bug report. To reproduce those memory issues, execute an ASAN build of
tiff2ps with the crashing inputs as the first argument (./tiff2ps
<crashing_input>).
We can verify those issues for 4.0.9-4ubuntu1 (Ubuntu 16.04.4 LTS /
sources from "pull-lp-source tiff").
Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr-
Universität Bochum)
Best regards,
Sergej Schumilo
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1762418/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
