Date: Thu, 22 Sep 2016 16:06:09 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Cc: "cve-assign@...re.org" <cve-assign@...re.org> Subject: Re: CVE Request: VLC: Potential divide-by-zero issue On Thu, Sep 22, 2016 at 07:12:32AM +0000, ajax secure wrote: > Hi > > Xiangkun Jia has discovered a divide-by-zero in VLC, which makes the application crashed and may be caused by buffer overflow. The fix is in > > http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=85a64e10d665edf8a29526543b5c6fd4923437fd > > Can you assign a CVE for this issue? Thank you. Crashes without the potential for code injection in enduser applications usually don't receive CVE ID assignments. Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.