oss-sec mailing list archives
Re: mpg123: global buffer overflow in III_i_stereo (layer3.c)
From: Jonas Thiem <jonas@thiem.email>
Date: Tue, 11 Jul 2017 14:59:09 +0200
On 11.07.2017 10:02, Dr. Thomas Orgis wrote:
My program accesses memory that belongs to my program … unless the compiler inserts forbidden zones in there.
So why do you know for sure that no program would store private keys or other sensitive data there? Or is this only static data by the mp3 library itself? It seems to me like this could still be a major security issue beyond a simple denial of service.
Current thread:
- mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Agostino Sarubbo (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Seth Arnold (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Michal Zalewski (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Kurt Seifried (Jul 10)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Jonas Thiem (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 11)
- Re: mpg123: global buffer overflow in III_i_stereo (layer3.c) Dr. Thomas Orgis (Jul 10)