[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tiff / CVE-2018-18661



Brian May <bam@debian.org> writes:

> Ola Lundqvist <ola@inguza.com> writes:
>
>> Could it be so that the problem is only reproducible on 32-bit
>> systems?
>
> Good point. Will try.

Nope. Can't reproduce i386 build on amd64 kernel. I would be rather
surprised if choice of kernel mattered.

I can reproduce CVE-2018-19210. Both on wheezy and stretch. Doesn't
appear to be any patch available yet. Note when testing this
vulnerabilty, the supplied command will modify the source file, meaning
running the same command one plus times will not crash after the first
time (unless you restore the input file).
-- 
Brian May <bam@debian.org>


Reply to: