[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2017-9935 / tiff



"Roberto C. Sánchez" <roberto@debian.org> writes:

> That sounds like a flawed assumption.  The spec (I provide a working
> link below) describes the format of a TIFF as being made up of an 8 byte
> header and one or more images (IFDs, or image file directories).
>
> The descriptions do not explicitly say that each page can have its own
> transfer function, but I cannot see how it would be possible to require
> that a single transfer function be applied to all pages in a TIFF in
> every case (assuming one is present in the first place).  Also, since
> the transfer function cannot fit in the TIFF header, I have to assume
> that it must be a per-page field.

After a quick scan of the spec, I agree with your understanding.
-- 
Brian May <bam@debian.org>


Reply to: