Red Hat Bugzilla – Bug 1316859
CVE-2016-3620 libtiff: Out-of-bound read in ZIPEncode
Last modified: 2017-05-10 17:13:58 EDT
An out-of-bounds read in ZIPEncode function in tif_zip.c when running bmp2tiff on crafted BMP file was found in libtiff-4.0.6.
Name: Mei Wang (Qihoo 360)
Created attachment 1135193 [details]
ASAN and GDB report
This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 6 and 7. This issue did not affect the versions of compat-libtiff3 as shipped with Red Hat Enterprise Linux 7, as they did not include the bmp2tiff tool.