oss-sec mailing list archives

Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files


From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Fri, 15 Jul 2011 06:49:52 -0400


In terms of ease of exploitation, this one has to be in the very difficult
basket.


I agree, this would be difficult to exploit.

It's better to be safe than sorry.

That's why I rushed out a new release. I do take this seriously, but
I do not like to see the threat exaggerated beyond reason.


I didn't mean to imply we should be panicking and running for the
hills. Just that the assessment that this is *potentially* exploitable
for code execution is accurate and is most helpful to distributions
and users when gauging risk and determining when to release and apply
updates.

-Dan

Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/


