oss-sec mailing list archives
Re: CVE-2017-7592: libtiff: left shift
From: Hanno Böck <hanno () hboeck de>
Date: Wed, 12 Apr 2017 15:00:45 +0200
On Mon, 10 Apr 2017 08:29:31 +0100 Simon McVittie <smcv () debian org> wrote:
> This is a bug, but how is it a security vulnerability? Can an attacker
> exploit it for DoS or code execution or something with a malformed TIFF
> image?
Questions like this come up quite often. Maybe we need a final definite answer to them all :-)

The reasoning is roughly: It's undefined behavior, so the compiler can do whatever it wants. So all undefined behavior should be considered security relevant, because the compiler can always do something that will turn it into a vuln.

Whether you agree to this or not, it's definitely good secure coding practice to avoid undefined behavior.

People have different ideas of what to call a vuln and what not. CVE-assigners have lately taken a very wide approach of declaring many things as cve-worthy. Just accept that not every CVE means "it's definitely exploitable".

--
Hanno Böck
https://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
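The class of bug named in the thread subject, as an added example that is not part of the original message and is not libtiff code: a left shift written so that no input reaches undefined behavior. The helper names `checked_shl_i32` and `shl_u32` and the sample inputs are hypothetical, and a 32-bit `int32_t` operand is assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not libtiff code): shift a signed 32-bit value left
 * only when the C standard defines the result. `value << shift` on a signed
 * type is undefined if value is negative, if shift >= the type's width, or
 * if the mathematical result does not fit in the type. */
bool checked_shl_i32(int32_t value, unsigned shift, int32_t *out)
{
    if (value < 0 || shift >= 32)
        return false;
    if (value > (INT32_MAX >> shift))   /* result would not fit */
        return false;
    *out = (int32_t)((uint32_t)value << shift);
    return true;
}

/* Hypothetical helper: shift a 32-bit pattern left with wraparound. Unsigned
 * shifts discard high bits by definition, but a count >= the width is still
 * undefined, so it is handled explicitly. The 64-bit intermediate keeps
 * integer promotion from turning the operand into a signed type. */
uint32_t shl_u32(uint32_t value, unsigned shift)
{
    if (shift >= 32)
        return 0;
    return (uint32_t)((uint64_t)value << shift);
}

int main(void)
{
    /* Constructed inputs: several would be undefined as a plain `v << s`. */
    const struct { int32_t v; unsigned s; } cases[] = {
        { 1, 4 }, { -1, 1 }, { 1, 31 }, { 0x3FFFFFFF, 1 }, { 1, 32 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int32_t r;
        if (checked_shl_i32(cases[i].v, cases[i].s, &r))
            printf("%ld << %u = %ld\n", (long)cases[i].v, cases[i].s, (long)r);
        else
            printf("%ld << %u rejected (undefined in C)\n", (long)cases[i].v, cases[i].s);
    }
    printf("0x80000001 << 1 as unsigned = 0x%08lx\n", (unsigned long)shl_u32(0x80000001u, 1));
    return 0;
}
```

Building the unguarded form with `-fsanitize=undefined` (GCC or Clang) reports these shifts at run time, which is how such left-shift findings are typically surfaced.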