oss-sec mailing list archives
CVEs for zzuf crashers?
From: Hanno Böck <hanno () hboeck de>
Date: Fri, 28 Mar 2008 00:07:22 +0100
Hi, Sam Hovecar has created zzuf more than a year ago and posted a bunch of samples crashing various multimedia and other apps: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities I've done some re-testing about a year later: http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html Some are still unfixed, I recently opened some upstream bug reports: https://bugzilla.mozilla.org/show_bug.cgi?id=424333 also mentioned on http://www.securityfocus.com/bid/27243 http://bugs.xine-project.org/show_bug.cgi?id=74 http://bugzilla.mplayerhq.hu/show_bug.cgi?id=1043 (gstreamer not done yet, waiting for 0.10.18 to land in gentoo) At least the firefox issue and the still open mediaplayer crashers could have their own CVE (if there aren't already ones for it). -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVEs for zzuf crashers? Hanno Böck (Mar 27)
- Re: CVEs for zzuf crashers? Nico Golde (Mar 27)