oss-sec mailing list archives
Re: CVE-2017-7592: libtiff: left shift
From: Agostino Sarubbo <ago () gentoo org>
Date: Wed, 12 Apr 2017 14:03:28 +0200
On Monday 10 April 2017 08:29:31 Simon McVittie wrote:
> This is a bug, but how is it a security vulnerability? Can an attacker exploit it for DoS or code execution or something with a malformed TIFF image?

Hello Simon,

the supposition is that a library stays there to receive multiple inputs, while there is an undefined behavior, you don't know what will happen, so basically it is a potential Denial of Service.

--
Agostino Sarubbo
Gentoo Linux Developer

Current thread:
- CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 10)
- Re: CVE-2017-7592: libtiff: left shift Simon McVittie (Apr 10)
- Re: CVE-2017-7592: libtiff: left shift Agostino Sarubbo (Apr 12)
- Re: CVE-2017-7592: libtiff: left shift Hanno Böck (Apr 12)