Date: Thu, 31 Dec 2015 15:33:11 -0500 (EST) From: cve-assign@...re.org To: glennrp@...il.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, brian.carpenter@...il.com Subject: Re: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with "-loco" option -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Can you explain how a privilege boundary is crossed? Our understanding is that pngcrush is a command-line program, and that the bug is largely equivalent to a scenario in which the "-loco" functionality had not been implemented. We probably would need a threat model in which the victim cannot recover from the attack by simply avoiding all subsequent use of the "-loco" option, e.g., a segfault that realistically could lead to code execution. We also can't, for example, assign a CVE ID for a threat model in which an attacker constructs a huge PNG file in the hope that a victim may decide to try "pngcrush -loco" on it, and the segfault may cause the creation of a core file that consumes the victim's available disk space. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWhZADAAoJEL54rhJi8gl55u0QALmsZpPJPDlYUUIYzDubpfFR QeLnKg4w94LZ2lN9YsNl6O2JVlZwDmquT0H6IdhpmFE54pz7iMV3O8pKJ5BVjuSF 3G7L32YGYY62NlARlwltC7Krxy2Xw0NiX/1lDi5xxHXshROtmF8xmtBqowjAJxHK FkE5SXx6CyGQ5Du8PNhc9dQ33RPYRv67JMKA6JxgdbesVOyhZ64M2WKEOFYyFF4n ivPyOddIkvrn9PoACDprZGSydjP23jfLa1Hlr7HS5W3+nWwm/C4nzW0AjIIzsTex fJxkZhEJQyeR94qTRvsNzLGw8+8W0WjQhftSUWqsZi3HVZn2S5GXTlC2AZVAEBLE Cdq0G1sYtdUZFPrra4bypirT2e6hsTupy1l8oDp/mGAxbP5qHJUe/pzSMBWwkmuI fUv6fNUvWUnJvSzjVMNvEg3ArEY/4ZqMFqj+KTa0lfMfEN6rLctX+HpvIqlCL3tn ts4232OBwDbvuZrf3nS33IB/Sy8pHae0jF7U3v0wtQhtZBH5ObsFMPJCQlXlhgLz Pvgdx4bT0f8A1z+xHsG4/zyo7kLfxRstRGm+fR5QKVRD63do7b569/X3/CV3ViSH ILQD5qQPYsdYlnnGQ0w3GaFl4lfajbttYfVMHNk/zrI8iK7/i6QN81mqKi2T2Jgi XinKKQ528SshXssmInIo =NnqJ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.