Moritz Muehlenhoff <[EMAIL PROTECTED]> wrote:

> Package: tiff
> Severity: important
> Tags: security
>
> Hi,
> 3.8.0 seems to have introduced two regressions that have DoS potential:
>
> | The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0
> | allows remote attackers to cause a denial of service (application
> | crash) via a crafted TIFF image that triggers a NULL pointer
> | dereference, possibly due to changes in type declarations and/or
> | the TIFFVSetField function.
>
> http://bugzilla.remotesensing.org/show_bug.cgi?id=1029
> http://bugzilla.remotesensing.org/show_bug.cgi?id=1034
>
> oldstable and stable do not seem to be affected, can you please verify/
> confirm?
>
> This is CVE-2006-0405, please mention it in the changelog when fixing it.

I'll check into this right away. Thanks.

--
Jay Berkenbilt <[EMAIL PROTECTED]>