[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tiff / CVE-2018-18661

Ola Lundqvist <ola@inguza.com> writes:

> Interesting. I wonder what the fix do differently in this case. It is a
> little worrying that it exit with a zero return code, but maybe not major.
> On the other hand, if we cannot reproduce the problem maybe it is not worth
> patching... Hmm.

I tried to reproduce this in a stretch chroot using version
4.0.9-1. This version should be vulerable, it is the version mentioned
in the upstream bug report:

http://bugzilla.maptools.org/show_bug.cgi?id=2819

Still can't reproduce:

(stretch-amd64-default)root@silverfish:/tmp/brian/tmpog1hq_fw/build/amd64# tiff2bw /tmp/poc /dev/null
TIFFReadDirectory: Warning, Unknown field with tag 292 (0x124) encountered.
LZWDecode: Not enough data at scanline 0 (short 6442004472 bytes).
TIFFWriteDirectoryTagData: IO error writing tag data.

>From upstream bug report:

$ ./tiff2bw poc /dev/null
TIFFReadDirectory: Warning, Unknown field with tag 292 (0x124) encountered.
Segmentation fault

I might have missed something, however I can't see any sign of any
Debian specific changes in 4.0.9-1 either.
-- 
Brian May <bam@debian.org>
Reply to: