Re: CVE-2017-9935 / tiff
"Roberto C. Sánchez" <roberto@debian.org> writes:
> That sounds like a flawed assumption. The spec (I provide a working
> link below) describes the format of a TIFF as being made up of an 8 byte
> header and one or more images (IFDs, or image file directories).
>
> The descriptions do not explicitly say that each page can have its own
> transfer function, but I cannot see how it would be possible to require
> that a single transfer function be applied to all pages in a TIFF in
> every case (assuming one is present in the first place). Also, since
> the transfer function cannot fit in the TIFF header, I have to assume
> that it must be a per-page field.
After a quick scan of the spec, I agree with your understanding.
--
Brian May <bam@debian.org>
Reply to: