Created an attachment (id=828)
poc to trigger the vulnerability on 4.0.9 (the latest version)

There is a memory malloc failure in the TIFFReadRawData function (tools/tiffinfo.c), which can be triggered by poc_5.tiff in the attachment.

tiffinfo -Dijr poc_5.tiff
==22750==WARNING: AddressSanitizer failed to allocate 0x0012003f6d80 bytes
==22750==AddressSanitizer's allocator is terminating the process instead of returning 0
==22750==If you don't like this behavior set allocator_may_return_null=1
==22750==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f65db588631 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa0631)
    #1 0x7f65db58d613 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa5613)
    #2 0x7f65db505425 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x1d425)
    #3 0x7f65db58b865 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0xa3865)
    #4 0x7f65db50ab4d (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x22b4d)
    #5 0x7f65db50bbf5 (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x23bf5)
    #6 0x7f65db58092f in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9892f)
    #7 0x405b7a in TIFFReadRawData /home/fuzz/libtiff/4.0.9/tools/tiffinfo.c:427
    #8 0x402361 in tiffinfo /home/fuzz/libtiff/4.0.9/tools/tiffinfo.c:473
    #9 0x402361 in main /home/fuzz/libtiff/4.0.9/tools/tiffinfo.c:152
    #10 0x7f65dacfb82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #11 0x402728 in _start (/home/fuzz/libtiff/4.0.9/tools/.libs/lt-tiffinfo+0x402728)
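The trace shows realloc in TIFFReadRawData being asked for a size taken straight from the file's StripByteCounts tag. As an added illustration, not libtiff's own code and not from this report, the snippet below shows the check a hardened version of that grow-the-buffer loop would need: a strip cannot be larger than the file that contains it, so the file size bounds every allocation. The function name, the sample byte-count tables and the 64 KiB file size are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical hardened "grow the buffer to the largest strip" loop.
 * Each StripByteCounts entry is file-controlled and therefore untrusted;
 * the file size is a hard upper bound on any (re)allocation it may drive.
 * Returns the final buffer size, or 0 if an entry was rejected or the
 * allocation failed; *rejected receives the offending strip index. */
static size_t read_raw_strips_bounded(const uint64_t *counts, size_t nstrips,
                                      uint64_t file_size, size_t *rejected)
{
    unsigned char *buf = NULL;
    size_t bufsize = 0;

    for (size_t s = 0; s < nstrips; s++) {
        uint64_t bc = counts[s];
        if (bc > file_size) {            /* refuse before touching the allocator */
            *rejected = s;
            free(buf);
            return 0;
        }
        if (bc > bufsize) {
            unsigned char *nb = realloc(buf, (size_t)bc);
            if (nb == NULL) { *rejected = s; free(buf); return 0; }
            buf = nb;
            bufsize = (size_t)bc;
        }
        /* A real tool would call TIFFReadRawStrip(tif, s, buf, bc) here;
         * the read is simulated. */
        memset(buf, 0, (size_t)bc);
    }
    free(buf);
    return bufsize;
}

/* Constructed sample tables (not taken from poc_5.tiff). The hostile one
 * carries the 0x0012003f6d80-byte count that ASan reported in this ticket. */
static const uint64_t benign_counts[]  = {4096, 16384, 8192};
static const uint64_t hostile_counts[] = {4096, 0x0012003f6d80ULL, 8192};
#define SAMPLE_FILE_SIZE 65536ULL

size_t demo_benign(void)  { size_t r = 0; return read_raw_strips_bounded(benign_counts, 3, SAMPLE_FILE_SIZE, &r); }
size_t demo_hostile(void) { size_t r = 0; return read_raw_strips_bounded(hostile_counts, 3, SAMPLE_FILE_SIZE, &r); }
size_t demo_hostile_rejected_index(void) { size_t r = 0; read_raw_strips_bounded(hostile_counts, 3, SAMPLE_FILE_SIZE, &r); return r; }

int main(void)
{
    printf("benign: buffer grew to %zu bytes\n", demo_benign());
    printf("hostile: result %zu, rejected strip %zu\n", demo_hostile(), demo_hostile_rejected_index());
    return 0;
}
```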
Can you explain why you consider this to be a bug?
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues. The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.