Bug#407922: security tag
Nico Golde
nion at debian.org
Tue Dec 4 14:17:10 UTC 2007
Hi Steffen,
* Steffen Joeris <steffen.joeris at skolelinux.de> [2007-12-04 13:05]:
> On Tue, 4 Dec 2007 10:20:59 am you wrote:
> > On Tue, Dec 04, 2007, Steffen Joeris wrote:
> > > I was just reading through the bugreport. Can you please elaborate, under
> > > which circumstances a potential DoS can be performed? At the moment, the
> > > whole issue does not sound very important, but I would like to wait for
> > > your explanation :)
> >
> > My understanding is that a SEGV while playing a MPEG file is a
> > potential security hole, as it can be exploited from videos on the web
> > or similar.
> >
> > I didn't investigate whether this crash is exploitable.
> If a Denial of Service attack can be launched, then a SEGV is a security hole,
> yes. I was just wondering, because the security tag is set.
Well, a SEGV is basically memory corruption and not just a
DoS.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20071204/160274f1/attachment.pgp
More information about the pkg-multimedia-maintainers
mailing list