Date: Wed, 12 Apr 2017 14:03:28 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2017-7592: libtiff: left shift

On Monday 10 April 2017 08:29:31 Simon McVittie wrote:
> This is a bug, but how is it a security vulnerability? Can an attacker
> exploit it for DoS or code execution or something with a malformed TIFF
> image?

Hello Simon,

The supposition is that a library stays there to receive multiple inputs, while there is
an undefined behavior you don't know what will happen, so basically it is a
potential Denial of Service.

-- 
Agostino Sarubbo
Gentoo Linux Developer
