oss-sec mailing list archives
(maybe) CVE request: libvpx before 1.0 crasher
From: Hanno Böck <hanno () hboeck de>
Date: Sat, 28 Jan 2012 14:39:36 +0100
libvpx (webm library) has released a new version that fixes a crasher bug: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html I'm not 100% sure if and in what situation crash bugs qualify as security issues. However, I tend to think that this one does. libvpx is used in browsers and crashing browsers seems an issue to me. Also, it could be used to crash automatic media re-encoding-services (e.g. backends of video websites like youtube). So I'd request a CVE. -- Hanno Böck mail/jabber: hanno () hboeck de GPG: BBB51E42 http://www.hboeck.de/
Attachment:
signature.asc
Description:
Current thread:
- (maybe) CVE request: libvpx before 1.0 crasher Hanno Böck (Jan 28)
- Re: (maybe) CVE request: libvpx before 1.0 crasher Kurt Seifried (Jan 29)