oss-sec mailing list archives

Re: CVE-2016-5317: GNOME nautilus: crash occurs when generating a thumbnail for a crafted TIFF image


From: Simon McVittie <smcv () debian org>
Date: Tue, 14 Jun 2016 23:31:18 -0400

On Wed, 15 Jun 2016 at 02:38:54 +0000, 张开翔 wrote:
> Product: nautilus
> Affected Versions: <= GNOME nautilus 3.18.5, <=libtiff.so 4.0.6
> ...
> Vendor URL: https://www.gnome.org/

Is there something about this vulnerability that makes it a Nautilus
vulnerability? From the stack trace you quoted, this looks like a
generic libtiff vulnerability that would affect any user of libtiff
equally, with Nautilus' role in this vulnerability merely being a
convenient user of libtiff that's easy to point at potentially
untrusted files?

    S

