| Title | TinyTIFF global-buffer-overflow |
|---|
| Description | A global-buffer-overflow issue was discovered in the tinytiffreader.c file of TinyTIFF. The flaw allows an attacker to cause a denial of service (abort) via a crafted file.
OS information
ubuntu@ubuntu:~/Documents/TinyTIFF/src$ uname -a
Linux ubuntu 5.15.0-58-generic #64~20.04.1-Ubuntu SMP Fri Jan 6 16:42:31 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Summary
AddressSanitizer: global-buffer-overflow (/home/ubuntu/Desktop/TinyTIFF/src/asan_tinytiffreader+0x4969c6) in __asan_memcpy
Problem Code location
#0 0x4969c6 in __asan_memcpy (/home/ubuntu/Desktop/TinyTIFF/src/asan_tinytiffreader+0x4969c6)
#1 0x4cdff4 in TinyTIFFReader_readNextFrame /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c
#2 0x4cb3e9 in TinyTIFFReader_open /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c:921:9
#3 0x4d10ea in main /home/ubuntu/Desktop/TinyTIFF/src/tinytiffreader.c:1058:10
#4 0x7ffff7c4a082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/../csu/libc-start.c:308:16
#5 0x41c3bd in _start (/home/ubuntu/Desktop/TinyTIFF/src/asan_tinytiffreader+0x41c3bd) |
|---|
| Source | https://github.com/10cksYiqiyinHangzhouTechnology/Security-Issue-Report-of-TinyTIFF |
|---|
| User | 10cksYiqiyinHangzhouTechnology (UID 41666) |
|---|
| Submission | 03/21/2023 01:34 (3 years ago) |
|---|
| Moderation | 03/22/2023 11:06 (1 day later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 223553 [TinyTIFF 3.0.0.0 File tinytiffreader.c buffer overflow] |
|---|
| Points | 20 |
|---|