oss-sec mailing list archives
Re: CVE-2017-7592: libtiff: left shift
From: Simon McVittie <smcv () debian org>
Date: Mon, 10 Apr 2017 08:29:31 +0100
On Mon, 10 Apr 2017 at 07:03:25 +0000, Agostino Sarubbo wrote:
Since there is no cast, *(pp+1) is treated as int, so UndefinedBehaviorSanitizer says: runtime error: left shift of 134 by 24 places cannot be represented in type 'int'
This is a bug, but how is it a security vulnerability? Can an attacker
exploit it for DoS or code execution or something with a malformed TIFF
image?
S
Current thread:
- CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 10)
- Re: CVE-2017-7592: libtiff: left shift Simon McVittie (Apr 10)
- Re: CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 12)
- Re: CVE-2017-7592: libtiff: left shift Hanno Böck (Apr 12)
- Re: CVE-2017-7592: libtiff: left shift Simon McVittie (Apr 10)