Description:
Libtiff is a software that provides support for the Tag Image File Format (TIFF), a widely used format for storing image data.
A crafted tiff file revealed an assertion failure.
The complete output:
# tiffcp -i $FILE /tmp/foo tiffcp: /tmp/portage/media-libs/tiff-4.0.7/work/tiff-4.0.7/tools/tiffcp.c:1390: int readSeparateTilesIntoBuffer(TIFF *, uint8 *, uint32, uint32, tsample_t): Assertion `bps % 8 == 0' failed.
Affected version:
4.0.7
Fixed version:
N/A
Commit fix:
https://github.com/vadz/libtiff/commit/7ff9652da2eec4c65279dcbc7e55c0418e87bbc8
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
N/A
Reproducer:
https://github.com/asarubbo/poc/blob/master/00072-libtiff-assert-readSeparateTilesIntoBuffer
Timeline:
2016-11-23: bug discovered and reported to upstream
2016-12-03: upstream released a patch
2017-01-01: blog post about the issue
Note:
This bug was found with American Fuzzy Lop.
Permalink:
libtiff: assertion failure in readSeparateTilesIntoBuffer (tiffcp.c)