Home page logo

oss-sec logo oss-sec mailing list archives

Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Fri, 15 Jul 2011 06:49:52 -0400

In terms of ease of exploitation, this one has to be in the very difficult

I agree, this would be difficult to exploit.

It's better to be safe than sorry.

That's why I rushed out a new release. I do take this seriously, but
I do not like to see the threat exaggerated beyond reason.

I didn't mean to imply we should be panicking and running for the
hills. Just that the assessment that this is *potentially* exploitable
for code execution is accurate and is most helpful to distributions
and users when gauging risk and determining when to release and apply


Erik de Castro Lopo

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]