[flac-dev] Two new CVEs against FLAC

Erik de Castro Lopo mle+la at mega-nerd.com
Wed Nov 26 01:40:13 PST 2014


Brian Willoughby wrote:

> While we're on the topic, what sort of consequences are there, really,
> with this vulnerability? Worst case, your player stops playing on a
> file that cannot be played anyway. Yes, it's bad that you have to
> power-cycle the player to get it to restart, but it's not like you
> can be doing anything else at the same time you're playing a bad FLAC.
> Have I missed something?

I think you are underestimating what a motivated cracker can do starting
with a simple heap overflow. See:

    http://en.wikipedia.org/wiki/Heap_overflow

Erik
-- 
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/

