oss-sec mailing list archives

Re: CVE-Request taglib vulnerabilities
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Mar 2012 11:19:38 -0600

On 03/21/2012 09:42 AM, Ludwig Nussel wrote:
> Zubin Mithra wrote:
>> The issues which are present in the latest "release" but not in the current
>> development head were :-
>>
>> [3] Lack of sanity checks of fields which were read, and were used for
>> allocating memory; crafted files would lead to application crash.
>
> Not an issue according to upstream:

Shouldn't it simply say "file too large" or "unable to allocate blah"
something rather than crashing? I assume by "large" file the file
doesn't actually need to be large, just the header information needs to
claim it is large?

>> [4] A one bit change in a working ogg file would cause a thread to loop


Has this been confirmed? Does the looping thread actually cause a DoS,
simply slow down the application a bit, or?


Kurt Seifried Red Hat Security Response Team (SRT)
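
Added example (not part of the original message and not TagLib code): one way a parser can check a length field against the bytes actually left in the file before allocating, so a header that merely claims a huge size produces an error instead of a crash. The 4-byte big-endian length prefix, the status codes and all function names are assumptions made for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical status codes for this example (not TagLib types).
enum class ReadStatus { Ok, Truncated, SizeExceedsFile };

// Bytes left between the current read position and the end of the stream.
static std::uint64_t remainingBytes(std::istream &in) {
    const auto here = in.tellg();
    in.seekg(0, std::ios::end);
    const auto end = in.tellg();
    in.seekg(here);
    return static_cast<std::uint64_t>(end - here);
}

// Reads one field: a 4-byte big-endian length, then that many bytes (assumed layout).
ReadStatus readSizedField(std::istream &in, std::vector<char> &out) {
    unsigned char hdr[4];
    if (!in.read(reinterpret_cast<char *>(hdr), 4))
        return ReadStatus::Truncated;
    const std::uint32_t claimed = (std::uint32_t(hdr[0]) << 24) | (std::uint32_t(hdr[1]) << 16) |
                                  (std::uint32_t(hdr[2]) << 8) | std::uint32_t(hdr[3]);
    // Compare the claimed length with what the file really holds before allocating.
    if (claimed > remainingBytes(in))
        return ReadStatus::SizeExceedsFile;
    out.resize(claimed);
    if (claimed != 0 && !in.read(out.data(), claimed))
        return ReadStatus::Truncated;
    return ReadStatus::Ok;
}

// Constructed sample: header claims 0xFFFFFFF0 bytes, only 3 bytes follow.
std::string craftedFile() { return std::string("\xFF\xFF\xFF\xF0" "abc", 7); }
// Constructed sample: header claims 3 bytes and 3 bytes follow.
std::string validFile() { return std::string("\x00\x00\x00\x03" "abc", 7); }

// Convenience wrapper: run the reader over an in-memory byte string.
ReadStatus checkBytes(const std::string &bytes, std::vector<char> &out) {
    std::istringstream in(bytes);
    return readSizedField(in, out);
}

int main() {
    std::vector<char> out;
    std::cout << (checkBytes(craftedFile(), out) == ReadStatus::SizeExceedsFile ? "rejected: size field exceeds file\n" : "accepted\n");
    return 0;
}
```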
