Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: Re: CVE Request -- libsndfile -- Integer overflow by processing certain PAF files
From: Dan Rosenberg <dan.j.rosenberg () gmail com>
Date: Fri, 15 Jul 2011 06:49:52 -0400


In terms of ease of exploitation, this one has to be in the very difficult
basket.


I agree, this would be difficult to exploit.

It's better to be safe than sorry.

That's why I rushed out a new release. I do take this seriously, but
I do not like to see the threat exaggerated beyond reason.


I didn't mean to imply we should be panicking and running for the
hills. Just that the assessment that this is *potentially* exploitable
for code execution is accurate and is most helpful to distributions
and users when gauging risk and determining when to release and apply
updates.

-Dan

Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]