oss-sec mailing list archives
Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Fri, 15 Jul 2011 06:49:52 -0400
In terms of ease of exploitation, this one has to be in the very difficult basket.
I agree, this would be difficult to exploit.
It's better to be safe than sorry. That's why I rushed out a new release. I do take this seriously, but I do not like to see the threat exaggerated beyond reason.
I didn't mean to imply we should be panicking and running for the hills. Just that the assessment that this is *potentially* exploitable for code execution is accurate and is most helpful to distributions and users when gauging risk and determining when to release and apply updates.
-Dan
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/