oss-sec mailing list archives
Re: CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image
From: Simon McVittie <smcv () debian org>
Date: Tue, 14 Jun 2016 23:31:18 -0400
On Wed, 15 Jun 2016 at 02:38:54 +0000, 张开翔 wrote:
Product: nautilus Affected Versions: <= GNOME nautilus 3.18.5, <=libtiff.so 4.0.6
...
Vendor URL: https://www.gnome.org/
Is there something about this vulnerability that makes it a Nautilus vulnerability? From the stack trace you quoted, this looks like a generic libtiff vulnerability that would affect any user of libtiff equally, with Nautilus' role in this vulnerability merely being a convenient user of libtiff that's easy to point at potentially untrusted files? S
Current thread:
- CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image 张开翔 (Jun 14)
- Re: CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image Simon McVittie (Jun 14)