Date: Thu, 31 Dec 2015 16:35:49 -0500 From: Glenn Randers-Pehrson <glennrp@...il.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com, Brian Carpenter <brian.carpenter@...il.com> Subject: Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option On Thu, Dec 31, 2015 at 3:33 PM, <cve-assign@...re.org> wrote: > > Our understanding is that pngcrush is a command-line program, and that > the bug is largely equivalent to a scenario in which the "-loco" > functionality had not been implemented. > There are web services that compress PNG files, using pngcrush as their compression engine. I haven't found any that allow users to specify the "-loco" option, though. > We probably would need a threat model in which the victim cannot > recover from the attack by simply avoiding all subsequent use of the > "-loco" option, e.g., a segfault that realistically could lead to code > execution. > OK, I'm withdrawing the request for a CVE number. Glenn
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ