Re: CVE Request: imview

[Sang Kil Cha <sangkilc () cmu edu>]

One can associate the program with ics file, but maybe it is not likely.
Thank you for your help anyway.

Best,
-Sang Kil

On Wed, Feb 6, 2013 at 1:38 PM, Kurt Seifried <kseifried () redhat com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 02/05/2013 02:59 PM, Sang Kil Cha wrote:
> > It reads in .ics file (iCalendar). Typical scenario would be to
> > share your schedule by sending the ics file to your friends. So
> > someone can open a malicious calendar file from imview, and then
> > crash.
> >
> > -Sang Kil
>
> Is it loaded automatically somehow (e.g. ics file association?). It
> seems like causing this program to crash won't cause any harm (e.g. no
> lost data/etc. like you get when crashing a web browser/email
> client/server). Right now I'm leaning towards not assigning a CVE as
> it appears there is no real security related impact.
>
>
> - --
> Kurt Seifried Red Hat Security Response Team (SRT)
> PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (GNU/Linux)
>
> iQIcBAEBAgAGBQJREqMLAAoJEBYNRVNeJnmTwJgP+wVa+pIGBe/FerHCOAuFasLv
> m7jtS3epo021F/bpwYHCmAJjS89mx6uoU9XgUUeBOQQqN4W3BawqD4kRgLvQ9P7B
> BczWYmNmwWs/z7Ws+GBtK7ymt2fDfprRe7I3HYLCnV4M54LHzVCugn5RIZlmhcaq
> j+YkSdayV/+Rfx1ZR95EU1okAwiJ4Is6/QL/GGLQPiAZUMJWKb8gmHUThUPcWsbr
> 9so1bzN1Sidqst2FdsZtC88Cx+GGlIoIzU4h85Fo4Yu2ah4lXqeLUFUF8KHkf0HG
> qfQ3zvM2gRe9/6YKWZroqEA0oXYjuBMuJPqag/pmqB9cGN+t9F9TsYXAmdXY5vfd
> kSiVx2vXlvgLxyZrys784Tb2dfv8YCX8JTyV4BHMs0be6VuL/RcFPgJwhkpWAIYM
> dtGsBR5BG/+cKKHScIoeihroR6Po9t3ESdTdSNAWi/W/pE3yzN6yQNGjXwrAxcvW
> abw/rNZFB/KjWOEIRLgCrFMXeAfCoaOpih9jd3FVf6kP+mpGXn5MoTdQpsSb49e1
> dXZyvbB3LyqC45zYhpZUnQgKhQ9aGgSvR7rCk6pLbtnjC5NtCJ3N4S3BYRMm6/XR
> C+ocy+HptomqtwSRFFkb+ktJmOr+CbAwZkh3WZvtNXrXf+nJLDCPNXSzIh1m7IVb
> e/4mxG4elhoBEdWxbef1
> =TfWR
> -----END PGP SIGNATURE-----