Re: CVE-2017-9935 / tiff

To: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
Subject: Re: CVE-2017-9935 / tiff
From: Brian May <bam@debian.org>
Date: Tue, 14 Nov 2017 18:24:37 +1100
Message-id: <[🔎] 87o9o5iaq2.fsf@prune.linuxpenguins.xyz>
In-reply-to: <[🔎] 20171114035243.v5kx2la3nkd2uz4x@connexer.com>
References: <[🔎] 87375hkh65.fsf@prune.linuxpenguins.xyz> <[🔎] 20171114035243.v5kx2la3nkd2uz4x@connexer.com>

"Roberto C. Sánchez" <roberto@debian.org> writes:

> That sounds like a flawed assumption.  The spec (I provide a working
> link below) describes the format of a TIFF as being made up of an 8 byte
> header and one or more images (IFDs, or image file directories).
>
> The descriptions do not explicitly say that each page can have its own
> transfer function, but I cannot see how it would be possible to require
> that a single transfer function be applied to all pages in a TIFF in
> every case (assuming one is present in the first place).  Also, since
> the transfer function cannot fit in the TIFF header, I have to assume
> that it must be a per-page field.

After a quick scan of the spec, I agree with your understanding.
-- 
Brian May <bam@debian.org>

Reply to:

References:
- CVE-2017-9935 / tiff
  - From: Brian May <brian@linuxpenguins.xyz>
- Re: CVE-2017-9935 / tiff
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Re: CVE-2017-9935 / tiff
Next by Date: Notes on building with ASAN
Previous by thread: Re: CVE-2017-9935 / tiff
Next by thread: Notes on building with ASAN
Index(es):
- Date
- Thread