2017.05.31 07:23 "[Tiff] Remaining TIFF security issues", by Havard Eidnes
Hi,
First, let me express great gratitude for the release of tiff 4.0.8; it allowed me to remove quite a few patches from our package, and solves many security issues and bugs.
We try to keep tabs on unsolved reported security issues in packages, and there appears to be a pair which remain unsolved even after the update to 4.0.8, so I thought I would nudge you guys to take a closer look:
* https://nvd.nist.gov/vuln/detail/CVE-2015-7554
  The segmentation fault reported with the test image is
  still reproducible, something I've verified. Not sure if
  there is a bugid open for this one.
* https://nvd.nist.gov/vuln/detail/CVE-2016-10095
  The test case on github still produces a SEGV, so this one
  appears to still be unfixed. Also bugid 2625.
Best regards,
- Håvard