<div dir="ltr"><div class="gmail-gs" style="margin:0px;min-width:0px;padding:0px 0px 20px;width:initial;font-family:'Google Sans',Roboto,RobotoDraft,Helvetica,Arial,sans-serif;font-size:medium"><div class="gmail-gE gmail-iv gmail-gt" style="font-size:0.875rem;padding:20px 0px 0px"><h3 class="gmail-iw gmail-gFxsud" style="overflow:hidden;font-size:0.75rem;font-weight:inherit;margin:inherit;text-overflow:ellipsis;color:rgb(95,99,104);line-height:20px"><span class="gmail-qu"><span name="Ajin Deepak" class="gmail-gD" style="color:rgb(31,31,31);font-size:0.875rem;font-weight:bold;display:inline;vertical-align:top;line-height:20px"><span style="vertical-align:top">Ajin Deepak</span></span> <span class="gmail-go" style="vertical-align:top;color:rgb(94,94,94)">&lt;<a href="mailto:ajindeepak0007@gmail.com">ajindeepak0007@gmail.com</a>&gt;</span></span></h3><span id="gmail-:t9" class="gmail-g3" title="Nov 21, 2024, 7:59 PM" style="vertical-align:top;margin:0px;font-size:0.75rem;color:rgb(94,94,94);display:block;line-height:20px">Nov 21, 2024, 7:59 PM</span><div class="gmail-iw gmail-ajw" style="overflow:hidden;max-width:92%;display:inline-block"><span class="gmail-hb" style="vertical-align:top;color:rgb(94,94,94);font-size:0.75rem;line-height:20px">to <span name="Debian" class="gmail-g2" style="vertical-align:top">Debian</span></span></div></div><div class="gmail-"><div id="gmail-:tb" class="gmail-ii gmail-gt gmail-adO" style="direction:ltr;margin:8px 0px 0px;padding:0px;font-size:0.875rem;overflow-x:hidden"><div id="gmail-:tc" class="gmail-a3s gmail-aiL" style="direction:ltr;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;font-size-adjust:none;font-kerning:auto;font-feature-settings:normal;font-stretch:normal;font-size:small;line-height:1.5;font-family:Arial,Helvetica,sans-serif;overflow:auto hidden"><div dir="ltr">Hi,<br><br>Thank you for your response and for sharing your perspective on this issue. 
I understand your concerns regarding the severity classification of the memory leak in <code>dcraw</code>. Allow me to provide some additional context and justification for treating this as a medium to critical issue. While <code>dcraw</code> is a standalone CLI tool, it can be integrated into other software. For example, I saw RawTherapee using dcraw.<br><a href="https://github.com/Beep6581/RawTherapee?tab=readme-ov-file" target="_blank">https://github.com/Beep6581/RawTherapee?tab=readme-ov-file</a><br><br>Address leaks or memory leaks in tools like <code>dcraw</code> could expose sensitive memory data when run in multi-user systems, potentially aiding attackers in other exploits such as bypassing ASLR.<br><a href="https://security.stackexchange.com/questions/22989/how-leaking-pointers-to-bypass-dep-aslr-works" target="_blank">https://security.stackexchange.com/questions/22989/how-leaking-pointers-to-bypass-dep-aslr-works</a><br><br>Let me show you a similar CVE which had a memory leak:<br><a href="https://www.cve.org/CVERecord?id=CVE-2024-7526" target="_blank">https://www.cve.org/CVERecord?id=CVE-2024-7526</a><br><br>You can find a number of them in <a href="http://cve.org/" target="_blank">cve.org</a>.<br><br>There are a lot of CVEs for CLI tools. For example:<ul><li style="margin-left:15px"><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4799" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4799</a></li><li style="margin-left:15px"><a href="https://www.cve.org/CVERecord?id=CVE-2024-7867" target="_blank">https://www.cve.org/CVERecord?id=CVE-2024-7867</a></li></ul><div>I understand your concern, and thanks for your patience.</div></div></div></div></div></div></div>