Date: Tue, 11 Jul 2017 14:59:09 +0200
From: Jonas Thiem <jonas@...em.email>
To: oss-security@...ts.openwall.com,
 "Dr. Thomas Orgis" <thomas.orgis@...-hamburg.de>
Subject: Re: mpg123: global buffer overflow in III_i_stereo
 (layer3.c)



On 11.07.2017 10:02, Dr. Thomas Orgis wrote:
> My program accesses memory that belongs
> to my program … unless the compiler inserts forbidden zones in there.

So how do you know for sure that no program would store private keys or
other sensitive data there? Or is this only static data by the mp3
library itself?

It seems to me like this could still be a major security issue beyond a
simple denial of service.
