oss-sec mailing list archives
Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option
From: Glenn Randers-Pehrson <glennrp () gmail com>
Date: Thu, 31 Dec 2015 16:35:49 -0500
On Thu, Dec 31, 2015 at 3:33 PM, <cve-assign () mitre org> wrote:

> Our understanding is that pngcrush is a command-line program, and that the bug is largely equivalent to a scenario in which the "-loco" functionality had not been implemented.

There are web services that compress PNG files, using pngcrush as their compression engine. I haven't found any that allow users to specify the "-loco" option, though.

> We probably would need a threat model in which the victim cannot recover from the attack by simply avoiding all subsequent use of the "-loco" option, e.g., a segfault that realistically could lead to code execution.

OK, I'm withdrawing the request for a CVE number.

Glenn