Vulnerability Key Information

Bug ID: Bug 2620
Vulnerability Description: Heap-based buffer overflow in _TIFFFax3fillruns (tif_fax3.c)
Status: RESOLVED FIXED
Reporter: Agostino Sarubbo
Report Date: 2016-12-03 05:06
Modified Date: 2016-12-03 06:39
Product: libtiff
Component: Default
Version: Not specified
Platform: PC Linux
Severity: P1 critical
Fixer: Frank Warmerdam

Attachments

Name: stacktrace
Type: text/plain
Size: 5.57 KB
Uploader: Agostino Sarubbo
Upload Date: 2016-12-03 05:06

Description

A heap-based buffer overflow vulnerability was discovered in the _TIFFFax3fillruns function in the tif_fax3.c file of libtiff. A reproducible test case is available at https://github.com/asarubbo/poc/blob/master/00100-libtiff-heapoverflow-TIFFFax3fillruns.

Fix History

Date: 2016-12-03
Fixer: Even Rouault
Fix Details: Fixed the readContigStripsIntoBuffer() function in tools/tiffcrop.c to ensure the output buffer is properly incremented to prevent out-of-bounds writes.

Additional Information

Related Bug: Bug 2622 has been marked as a duplicate of this vulnerability.