some vulns

Description LibTIFF  This software provides support for the  Tag Image File Format  (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is  available on-line  in several different formats. A memory leak vulnerability was found in function  _TIFFmalloc in  tif_unix .c,which allows attackers  to cause a denial of service via a crafted file. tiff2pdf $FILE -o out.pdf ==28111==ERROR: LeakSanitizer: detected memory leaks Direct leak of 8 byte(s) in 1 object(s) allocated from:    #0 0x7f8063966bb8 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62    #1 0x507dd3 in _TIFFmalloc /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_unix.c:316    #2 0x452057 in TIFFReadDirEntryLong8Array /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_dirread.c:1919    #3 0x464d88 in TIFFFetchStripTh...

Description LibTIFF This software provides support for the  Tag Image File Format  (TIFF), a widely used format for storing image data. The latest version of the TIFF specification is  available on-line  in several different formats. A memory leak vulnerability was found in function _TIFFrealloc in tif_unix.c, which allows attackers to cause a denial of service via a crafted file. tiff2pdf $FILE -o out.pdf ==103057==ERROR: LeakSanitizer: detected memory leaks Direct leak of 12556 byte(s) in 1 object(s) allocated from: #0 0x7fd4b1c37f20 in __interceptor_realloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:75 #1 0x507e13 in _TIFFrealloc /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/libtiff/tif_unix.c:328 #2 0x410c03 in t2p_readwrite_pdf_image /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2pdf.c:2597 #3 0x42c71c in t2p_write_pdf /home/haojun/Downloads/testopensourcecode/tiff-4.0.7/tools/tiff2pdf.c:5549 #4 0x404386 in main /home/ha...

Description giflib  is a library for reading and writing gif images. It is API and ABI compatible with libungif which was in wide use while the LZW compression algorithm was patented. The GIF2RGB function in gif2rgb.c allows attackers to cause a denial of service (memory leak) via a crafted file. #gif2rgb -o out.gif $FILE ================================================================= ==124794==ERROR: LeakSanitizer: detected memory leaks Direct leak of 1156 byte(s) in 34 object(s) allocated from: #0 0x7f6288723bb8 in  interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x4039bf in GIF2RGB /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:392 #2 0x404a7a in main /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:525 #3 0x7f62882c2b34 in  libc_start_main (/lib64/libc.so.6+0x21b34) Direct leak of 34 byte(s) in 1 object(s) allocated from: #0 0x7f6288723bb8 in  interceptor_malloc ../../...

Description giflib is a library for reading and writing gif images. It is API and ABI compatible with libungif which was in wide use while the LZW compression algorithm was patented. The DumpScreen2RGB function in gif2rgb.c allows attackers to cause a denial of service (heap buffer overflow) via a crafted file. #gif2rgb -o out.gif $FILE ================================================================= ==3815==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60400000e0bd at pc 0x000000403095 bp 0x7ffcc19602b0 sp 0x7ffcc19602a8 READ of size 1 at 0x60400000e0bd thread T0 #0 0x403094 in DumpScreen2RGB /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:317 #1 0x404553 in GIF2RGB /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:474 #2 0x404a7a in main /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:525 #3 0x7f27b384db34 in __libc_start_main (/lib64/libc.so.6+0x21b34) #4 0x4016c8 (/home/haojun/Downloads/testop...