Date: Tue, 18 Nov 2014 22:41:05 -0800 From: Michal Zalewski <lcamtuf@...edump.cx> To: oss-security <oss-security@...ts.openwall.com> Subject: Re: RE: [security-vendor] Re: Fuzzing findings (and maybe CVE requests) - Image/GraphicsMagick, elfutils, GIMP, gdk-pixbuf, file, ndisasm, less > Speaking of fuzzing so that clamav issue, was triggered by a file that > existed in public since 2010 or so (at least that's what virustotal had > for the first submission date). So you'd think based on what people use > clamav for it would have been heavily fuzzed by now (scanning all sorts > of random/malicious input) but I guess people don't report stuff upstream. Tavis looked at several commercial AV engines some time ago, I think it wasn't pretty. I suspect that clamav may be very much worth fuzzing or auditing. /mz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.