Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [month] [year] [list] 
Date: Sun, 13 Jul 2008 13:46:14 +0200
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Cc: coley@...re.org
Subject: CVE requests: crashers by zzuf

I want to track down all of them now that are still unfixed. More cve requests 
will follow.
FYI:
http://hboeck.de/archives/578-How-long-does-it-take-to-fix-a-crash-bug.html

Steve, please assign cves for these:

crash (unknown if exploitable) by corrupted gif in ffmpeg lavf:
http://bugzilla.gnome.org/show_bug.cgi?id=542643
Sample: http://sam.zoy.org/zzuf/lol-giftopnm.gif

crash (unknown if exploitable) by corrupted ogg in xine.
Sample: http://sam.zoy.org/zzuf/lol-ffplay.ogg


-- 
Hanno Böck		Blog:		http://www.hboeck.de/
GPG: 3DBD3B20		Jabber/Mail:	hanno@...eck.de

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux