[Debian-astro-maintainers] Bug#1087911: Bug#1087911: Memory leaks in dcraw

Thorsten Alteholz debian at alteholz.de
Thu Nov 21 12:59:45 GMT 2024


Control: severity -1 normal


On 20.11.24 06:28, Ajin Deepak wrote:
> Found a memory leak in the latest version of dcraw.

Did you already apply for a CVE number?

>
> Impact:
>
> Memory leaks can create vulnerabilities. Attackers might exploit them to degrade service (denial of service attacks) or infer information about memory layouts, aiding other exploits.
> These also affect the previous versions too.

This is ridiculous! dcraw is a CLI tool. What kind of service do you 
want to degrade? What kind of information can be leaked and in which way?
In the past similar bugs have been rated as "unimportant" or 
"minor" by the Debian Security Team. What evidence do you have that this 
bug is different?

Setting severity to normal again.

   Thorsten