Created an attachment (id=857): POC to trigger bug

Triggered by "./tiff2ps $POC"
Tested on Ubuntu 16.04 (x86)

Heap buffer overwrite occurred when processing a malformed TIFF file.

ASAN output:

==8110==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5d00674 at pc 0x08147974 bp 0xbff8cec8 sp 0xbff8cebc
READ of size 1 at 0xb5d00674 thread T0
    #0 0x8147973 in PSDataColorContig /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2481:20
    #1 0x813ccef in PSpage /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2363:4
    #2 0x8136f5b in TIFF2PS /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:1612:10
    #3 0x8134673 in main /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:479:9
    #4 0xb724c636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #5 0x805f687 in _start (/home/min/fuzzing/program/libtiff-4.0.9-aflclang-asan/bin/tiff2ps+0x805f687)

Credits: Mingi Cho and Taekyoung Kwon of the Information Security Lab, Yonsei University.
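A small triage helper, added here as an example and not part of the bug report or of libtiff: it parses an AddressSanitizer report of the shape quoted above into structured fields and derives a dedup key from the first frame under the project's source tree, so repeated fuzzer findings of the same crash can be bucketed. The source-root path passed to crash_bucket and the key format are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed input: the ASAN output quoted in the bug report, re-split one line per frame.
ASAN_REPORT = """\
==8110==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5d00674 at pc 0x08147974 bp 0xbff8cec8 sp 0xbff8cebc
READ of size 1 at 0xb5d00674 thread T0
    #0 0x8147973 in PSDataColorContig /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2481:20
    #1 0x813ccef in PSpage /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:2363:4
    #2 0x8136f5b in TIFF2PS /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:1612:10
    #3 0x8134673 in main /home/min/fuzzing/src/tiff-4.0.9/tools/tiff2ps.c:479:9
    #4 0xb724c636 in __libc_start_main /build/glibc-mUak1Y/glibc-2.23/csu/../csu/libc-start.c:291
    #5 0x805f687 in _start (/home/min/fuzzing/program/libtiff-4.0.9-aflclang-asan/bin/tiff2ps+0x805f687)
"""

HEADER_RE = re.compile(r"==(\d+)==ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", re.I)
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at 0x[0-9a-f]+ thread (T\d+)", re.M | re.I)
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)", re.M | re.I)

@dataclass
class Frame:
    index: int
    function: str
    location: str          # "file:line:col", or "(module+offset)" when unsymbolised

@dataclass
class AsanReport:
    pid: int
    kind: str              # e.g. "heap-buffer-overflow"
    address: str
    access: str            # "READ" or "WRITE"
    size: int
    frames: list = field(default_factory=list)

def parse_asan(text: str) -> AsanReport:
    """Parse the header, access line and stack frames of one AddressSanitizer report."""
    head = HEADER_RE.search(text)
    acc = ACCESS_RE.search(text)
    if head is None or acc is None:
        raise ValueError("not a complete AddressSanitizer report")
    frames = [Frame(int(i), fn, loc) for i, fn, loc in FRAME_RE.findall(text)]
    return AsanReport(int(head.group(1)), head.group(2), head.group(3),
                      acc.group(1).upper(), int(acc.group(2)), frames)

def crash_bucket(report: AsanReport, source_root: str) -> str:
    """Dedup key (assumed format): kind/access/function@file:line of the first in-tree frame."""
    for f in report.frames:
        if f.location.startswith(source_root):
            path, line = f.location.split(":")[:2]   # column dropped so small edits share a bucket
            return f"{report.kind}/{report.access}/{f.function}@{path.rsplit('/', 1)[-1]}:{line}"
    top = report.frames[0].function if report.frames else "?"
    return f"{report.kind}/{report.access}/{top}"   # fallback when no frame is in the source tree
```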
I do not reproduce with master ae0bed1fe530a82faf2e9ea1775109dbf301a971
Bugzilla is no longer used for tracking libtiff issues. Remaining open tickets, such as this one, have been migrated to the libtiff GitLab instance at https://gitlab.com/libtiff/libtiff/issues . The migrated tickets have their summary prefixed with [BZ#XXXX] where XXXX is the initial Bugzilla issue number.