Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-Request taglib vulnerabilities
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Wed, 21 Mar 2012 16:42:38 +0100

Zubin Mithra wrote:
The issues which are present in the latest "release" but not in the current
development head were :-

[3] Lack of sanity checks of fields which were read, and were used for
allocating memory; crafted files would lead of application crash.

Not an issue according to upstream:

[4] A one bit change in a working ogg file would cause a thread to loop



 (o_   Ludwig Nussel
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imend├Ârffer, HRB 16746 (AG N├╝rnberg) 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]