Discussion:
Vulnerability CVE-2010-2596
Petr Hracek
2014-10-02 12:04:34 UTC
Hi tiff folks,

I would like to ask you whether CVE-2010-2596 is planned to be released
in libtiff-3.9?
http://bugzilla.maptools.org/show_bug.cgi?id=2209

Similar code is mentioned around line 643 in tiff_ojpeg.c
--
Best regards / S pozdravem
Petr Hracek

_______________________________________________
Tiff mailing list: ***@lists.maptools.org
http://lists.maptools.org/mailman/listinfo/tiff
http://www.remotesensing.org/libtiff/
Bob Friesenhahn
2014-10-02 13:55:10 UTC
Post by Petr Hracek
Hi tiff folks,
I would like to ask you whether CVE-2010-2596 is planned to be released
in libtiff-3.9?
http://bugzilla.maptools.org/show_bug.cgi?id=2209
Similar code is mentioned around line 643 in tiff_ojpeg.c
Libtiff is certainly due for some new releases since it has not had a
release since September, 2012.

Tom Lane's patch avoids the assertion but it apparently does not solve
the parsing issue.

There are many other fixes already in libtiff CVS waiting to be
released.

Bob
--
Bob Friesenhahn
***@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/