CVE-2016-9273: buffer over read in libtiff

I was assigned CVE-2016-9273 today for a buffer over read flaw that I found in libtiff. This provides support for the Tag Image File Format (TIFF), a widely used format for storing image data, and is found in web browsers and mobile devices used around the world.

==18669==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x60200000ef78 at pc 0x407549 bp 0x7ffeeb10bc00 sp 0x7ffeeb10bbf8
READ of size 8 at 0x60200000ef78 thread T0
#0 0x407548 in cpStrips /root/libtiff/tools/tiffsplit.c:246
#1 0x407548 in tiffcp /root/libtiff/tools/tiffsplit.c:227
#2 0x407548 in main /root/libtiff/tools/tiffsplit.c:89
#3 0x7face2437b44 in __libc_start_main
(/lib/x86_64-linux-gnu/libc.so.6+0x21b44)
#4 0x40836c (/root/libtiff/tools/tiffsplit+0x40836c)

0x60200000ef78 is located 0 bytes to the right of 8-byte region
[0x60200000ef70,0x60200000ef78)
allocated by thread T0 here:
#0 0x7face2b169f6 in __interceptor_realloc
(/usr/lib/x86_64-linux-gnu/libasan.so.1+0x549f6)
#1 0x4a9ea0 in _TIFFCheckRealloc /root/libtiff/libtiff/tif_aux.c:73
#2 0x4a9ea0 in _TIFFCheckMalloc /root/libtiff/libtiff/tif_aux.c:88

SUMMARY: AddressSanitizer: heap-buffer-overflow
/root/libtiff/tools/tiffsplit.c:246 cpStrips

It was found with the assistance of my favorite tool, American Fuzzy Lop, which you can find here. If you appreciate the work I'm doing, please support continued fuzzing on Patreon.

geeknik

Also on this blog

SHARE:  Email · Facebook · Google · Twitter · Tumblr · Kindle
SUBSCRIBE:  Receive an email on new posts from geeknik

Comments


  • Notify me upon new comments

☺ Got it