Date: Sat, 25 Oct 2014 10:36:25 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: oss-security <oss-security@...ts.openwall.com> Subject: cve request: libbfd? Hey, You may want to assign something to: http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html http://sourceware.org/bugzilla/show_bug.cgi?id=17510 This is slightly complicated by the fact that libbfd is just bad in general and there likely are dozens of individual bugs, but the write-to-arbitrary-pointer issues with ELF section parsing in elf.c sort of stand out. /mz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ