** Information type changed from Private Security to Public Security ** Changed in: tiff (Ubuntu) Status: New => Confirmed
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1762418 Title: Multiple heap-buffer-overflow in tiff-4.0.9 Status in tiff package in Ubuntu: Confirmed Bug description: Dear all, The following tiff2ps memory issues were found by a modified version of the kAFL fuzzer (https://github.com/RUB-SysSec/kAFL). I have attached the crashing inputs, each ASAN report and each ASAN report in "halt_on_error=false" mode to this bug report. To reproduce those memory issues, execute an ASAN build of tiff2ps with the crashing inputs as the first argument (./tiff2ps <crashing_input>). We can verify those issues for 4.0.9-4ubuntu1 (Ubuntu 16.04.4 LTS / sources from "pull-lp-source tiff"). Credits: Sergej Schumilo, Cornelius Aschermann (both of Ruhr- Universität Bochum) Best regards, Sergej Schumilo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1762418/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp