Date: Wed, 12 Apr 2017 14:03:28 +0200
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2017-7592: libtiff: left shift

On Monday 10 April 2017 08:29:31 Simon McVittie wrote:
> This is a bug, but how is it a security vulnerability? Can an attacker
> exploit it for DoS or code execution or something with a malformed TIFF
> image?

Hello Simon,

the supposition is that a library stays there to receive multiple inputs,
while there is an undefined behavior you don't know what will happen, so
basically it is a potential Denial of Service.

--
Agostino Sarubbo
Gentoo Linux Developer