-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yaakov S (Cygwin Ports) wrote:
> Yaakov S (Cygwin Ports) wrote:
>>>>> Multiple vulnerabilities, ranging from integer overflows and NULL
>>>>> pointer dereferences to double frees, were reported in libTIFF.
>
> And now, there's more:
>
> A buffer overflow has been found in the t2p_write_pdf_string function in
> tiff2pdf, which can be triggered with a TIFF file containing a
> DocumentName tag with UTF-8 characters. An additional buffer overflow
> has been found in the handling of the parameters in tiffsplit.

This has been hanging for two months already, so I went ahead and added
this to Cygwin Ports CVS[1], in module ports/libs/tiff. I hope our
maintainer (Charles?) will be able to roll this out ASAP.

[1] http://sourceforge.net/cvs/?group_id=99645

Yaakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEvqVvpiWmPGlmQSMRAoeVAKDbsuue7fRRdkGst/o7m6TFXxb6gQCdHc5g
1dmXgL18cqu7H0uhOdiW5Pg=
=FGvD
-----END PGP SIGNATURE-----