oss-sec mailing list archives
Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression
From: anarcat <anarcat () orangeseeds org>
Date: Fri, 05 Feb 2016 15:32:29 -0500
So from what I understand, this issue is only related to the *sample* code in php-openid, correct?

You also report that this code is in "use verbatim" in "the vast majority of sites", yet looking at the Debian code base, the only samples of that code I could find are in php-openid itself and the SAML library:

https://codesearch.debian.net/search?perpkg=1&q=getTrustRoot

(jglobus seems to be a false positive there)

I have reviewed the usage of the openid.realm field in the Debian source code and, in general, it doesn't seem to use the `Host:` header:

https://codesearch.debian.net/search?perpkg=1&q=openid.realm

Furthermore, I am not sure the attack works even on the theoretical level: how would the user reach the proper website if the Host header is changed?

A.

--
Never attribute to malice that which can be adequately explained by stupidity, but don't rule out malice.
- Albert Einstein
Current thread:
- CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression Salvatore Bonaccorso (Jan 24)
- Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression cve-assign (Jan 24)
- Re: CVE Request: tiff: Out-of-bounds write for invalid images using LogL compression anarcat (Feb 05)