[GHSA-8hvv-gchf-jqcp] tif_dirread.c in LibTIFF 4.0.7 has an "outside the range... #5327

Crispy-fried-chicken

Updates

  • Affected products
  • Summary

Comments
According to the description of the GHSA, the affected version of the vulnerability is 4.0.7. However, based on the vulnerability code snippet, this vulnerability still exists in earlier versions, such as 4.0.0. Please confirm.
Code snippet:

```c
{
    uint8* ma;
    float* mb;
    uint32 n;
    ma=(uint8*)origdata;
    mb=data;
    for (n=0; n<count; n++)
        *mb++=(float)(*ma++);
}
```

@github-actions github-actions bot changed the base branch from main to Crispy-fried-chicken/advisory-improvement-5327 March 2, 2025 18:55
@shelbyc
Contributor

shelbyc commented Mar 3, 2025

👋 Hi @Crispy-fried-chicken, I can't make changes to any of the advisories for which you've submitted community contributions because none of the affected products are in one of the GitHub Advisory Database's supported ecosystems. Products written in C are almost never part of a supported ecosystem.

However, the accuracy of CVE records is important. If you find an aspect of a CVE record you believe is inaccurate, I recommend that you contact the CVE Numbering Authority (CNA) listed in each record. You can find contact information for each CNA at https://www.cve.org/PartnerInformation/ListofPartners.

For example, the CNA for CVE-2017-7597 is MITRE, and MITRE's CNA profile links to their MITRE CVE Request web form where members of the public can request changes to CVE records.
