[Debian-astro-maintainers] Bug#1087911: Bug#1087911: Memory leaks in dcraw
Thorsten Alteholz
debian at alteholz.de
Thu Nov 21 12:59:45 GMT 2024
Control: severity -1 normal
On 20.11.24 06:28, Ajin Deepak wrote:
> Found a memory leak in the latest version of dcraw.
Did you already apply for a CVE number?
>
> Impact:
>
> Memory leaks can create vulnerabilities. Attackers might exploit them to degrade service (denial of service attacks) or infer information about memory layouts, aiding other exploits.
> These also affect the previous versions too.
This is ridiculous! dcraw is a CLI tool. What kind of service do you
want to degrade? What kind of information can be leaked and in which way?
In the past similar bugs have been rated as "unimportant" or
"minor" by the Debian Security Team. What evidence do you have that this
bug is different?
Setting severity to normal again.
Thorsten