oss-sec mailing list archives
Re: CVEs for zzuf crashers?
From: Nico Golde <oss-security+ml () ngolde de>
Date: Fri, 28 Mar 2008 01:16:23 +0100
Hi Hanno,

* Hanno Böck <hanno () hboeck de> [2008-03-28 00:26]:
> Sam Hocevar created zzuf more than a year ago and posted a bunch of samples
> crashing various multimedia and other apps:
> http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
>
> I've done some re-testing about a year later:
> http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html
>
> Some are still unfixed, I recently opened some upstream bug reports:
[...]

Since a crash itself in a non-service application is not necessarily a security issue, I think we should check them in detail before assigning CVE ids for them (does not mean they are non-issues though).

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Current thread:
- CVEs for zzuf crashers? Hanno Böck (Mar 27)
- Re: CVEs for zzuf crashers? Nico Golde (Mar 27)