Created an attachment (id=856)
POC to trigger bug

Triggered by "./tiff2ps $POC"
Tested on Ubuntu 16.04 (x86)

A heap buffer overwrite occurred when processing a malformed TIFF file.

ASAN output:

==3497==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5a19118 at pc 0xb74b30f9 bp 0xbfc77368 sp 0xbfc7735c
WRITE of size 8 at 0xb5a19118 thread T0
    #0 0xb74b30f8 in ChopUpSingleUncompressedStrip /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_dirread.c:5723:20
    #1 0xb74b30f8 in TIFFReadDirectory /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_dirread.c:4186
    #2 0xb761a903 in TIFFClientOpen /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_open.c:466:8
    #3 0xb76868df in TIFFFdOpen /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_unix.c:211:8
    #4 0xb76868df in TIFFOpen /home/min/fuzzing/src/tiff-4.0.9/libtiff/tif_unix.c:250
    #5 0x81345cc in main /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:465:15
    #6 0xb717d636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #7 0x805f687 in _start (/home/min/fuzzing/program/libtiff-4.0.9-aflclang-asan/bin/tiff2ps+0x805f687)

Credits: Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei University.
I do not reproduce with master ae0bed1fe530a82faf2e9ea1775109dbf301a971
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues . The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.