Re: tiff / CVE-2018-7456

To: Brian May <bam@debian.org>
Cc: debian-lts@lists.debian.org
Subject: Re: tiff / CVE-2018-7456
From: Hugo Lefeuvre <hle@debian.org>
Date: Sun, 18 Mar 2018 09:48:58 +0100
Message-id: <[🔎] 20180318084858.GB1857@hle-laptop.local>
In-reply-to: <[🔎] 87woyam9kx.fsf@silverfish.pri>
References: <[🔎] 87d105q3je.fsf@silverfish.pri> <[🔎] 20180315155519.GB2886@hle-laptop.local> <[🔎] 87sh90o7e1.fsf@silverfish.pri> <[🔎] 20180316100737.GA1828@hle-laptop.local> <[🔎] 87woyam9kx.fsf@silverfish.pri>

Hi Brian,

> > So, in fact it may very well be that the size of the TransferFunction table
> > is always at most 3 rows and this definition is right.
> 
> Is the code that loads the transfer function safe? Is there any
> possibility of tricking the loading function to try and set the 4th row?

Hum, actually if I understand the specification well, the transfer
function doesn't care about extra samples and supported
PhotometricInterpretations have at most (standard spp) = 3. So, the 4th
(or in general n-th row with n > 3) row is just nonsense and should be
considered as the result of unchecked SamplesPerPixel / ExtraSamples
values.

(only supposing, handle with care :))

Cheers,
 Hugo

-- 
             Hugo Lefeuvre (hle)    |    www.owl.eu.com
4096/ 9C4F C8BF A4B0 8FC5 48EB 56B8 1962 765B B9A8 BACA

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- tiff / CVE-2018-7456
  - From: Brian May <bam@debian.org>
- Re: tiff / CVE-2018-7456
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: tiff / CVE-2018-7456
  - From: Brian May <bam@debian.org>
- Re: tiff / CVE-2018-7456
  - From: Hugo Lefeuvre <hle@debian.org>
- Re: tiff / CVE-2018-7456
  - From: Brian May <bam@debian.org>

Prev by Date: Re: tiff / CVE-2018-7456
Next by Date: Patch for CVE-2018-7490 in uwsgi
Previous by thread: Re: tiff / CVE-2018-7456
Next by thread: March Report
Index(es):
- Date
- Thread