oss-sec mailing list archives

(maybe) CVE request: libvpx before 1.0 crasher

From: Hanno Böck <hanno () hboeck de>
Date: Sat, 28 Jan 2012 14:39:36 +0100

libvpx (webm library) has released a new version that fixes a crasher
bug:
http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html

I'm not 100% sure if and in what situation crash bugs qualify as
security issues.

However, I tend to think that this one does. libvpx is used in browsers
and crashing browsers seems an issue to me.
Also, it could be used to crash automatic media re-encoding-services
(e.g. backends of video websites like youtube).

So I'd request a CVE.

-- 
Hanno Böck              mail/jabber: hanno () hboeck de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description:

Current thread:

(maybe) CVE request: libvpx before 1.0 crasher Hanno Böck (Jan 28)
- Re: (maybe) CVE request: libvpx before 1.0 crasher Kurt Seifried (Jan 29)