You need to log in before you can comment on or make changes to this bug.
Created an attachment (id=812) [details] the tiffcp poc Hello ,I use afl to test tiffcp (version 4.0.8) and I found a heap-buffer-overflow in tiffcp.c(in function cpStripToTile) i use the command line:tiffcp -i poc_name out and the saw the asan message: AddressSanitizer: heap-buffer-overflow /home/share/libtiff/tiff-4.0.8/tools/tiffcp.c:1190 cpStripToTile my poc: https://github.com/lifuhao123/feijidepoc/blob/master/tiffcp-poc
I'm not reproducing with the "master". I think it has been fixed.
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues . The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.