search for: heap_overflow

On Nov 25, 2014, at 8:27 AM, Declan Kelly <flac-dev at groov.ie> wrote: > > On Tue, Nov 25, 2014 at 12:29:33AM -0800, mle+la at mega-nerd.com wrote: >> >> CVE-2014-9028 : Heap buffer write overflow >> CVE-2014-8962 : Heap buffer read overflow > > Is it known what other FLAC decoding software or firmware is vulnerable > to these overflows? > >

...to get it to restart, but it's not like you > can be doing anything else at the same time you're playing a bad FLAC. > Have I missed something? I think you are underestimating what a motivated cracker can do starting with a simple heap overflow. See: http://en.wikipedia.org/wiki/Heap_overflow Erik -- ---------------------------------------------------------------------- Erik de Castro Lopo http://www.mega-nerd.com/