Date: Thu, 31 Dec 2015 15:33:11 -0500 (EST)
From: cve-assign@...re.org
To: glennrp@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, brian.carpenter@...il.com
Subject: Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option

Can you explain how a privilege boundary is crossed? Our understanding is that pngcrush is a command-line program, and that the bug is largely equivalent to a scenario in which the "-loco" functionality had not been implemented.

We probably would need a threat model in which the victim cannot recover from the attack by simply avoiding all subsequent use of the "-loco" option, e.g., a segfault that realistically could lead to code execution.

We also can't, for example, assign a CVE ID for a threat model in which an attacker constructs a huge PNG file in the hope that a victim may decide to try "pngcrush -loco" on it, and the segfault may cause the creation of a core file that consumes the victim's available disk space.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]