oss-sec mailing list archives
Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx
From: nightmare.yeah27 () aceecat org
Date: Thu, 28 Sep 2023 17:10:09 -0700
On Thu, Sep 28, 2023 at 04:42:33PM -0400, Demi Marie Obenour wrote:
How long will it take for corporations to accept that writing media codecs in C, C++, or any other memory-unsafe language is a fundamentally bad idea, and that it is better to rewrite the codecs in a safe language (such as Wuffs or Rust) than to try to secure the existing ones?
Wouldn't the low-level code have to ultimately depend on unsafe Rust modules, or similar feature in other safe language? -- Ian
Current thread:
- CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Alan Coopersmith (Sep 28)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 28)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx nightmare . yeah27 (Sep 29)
- Re: Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Travis Finkenauer (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Michael Orlitzky (Sep 29)
- Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Dominique Martinet (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Demi Marie Obenour (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Michael Orlitzky (Sep 30)
- Re: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx) Steffen Nurpmeso (Sep 30)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx nightmare . yeah27 (Sep 29)
- Re: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx Demi Marie Obenour (Sep 28)