I've asked upstream if this is a security issue, and if so, what its CVE
is, in <https://github.com/merces/libpe/issues/34>.
As far as I can tell, it is writing past the assigned buffer, which
might be a security issue.
--
Happy hacking
Petter Reinholdtsen
I asked for an unblock from the release team in
<https://bugs.debian.org/988095>.
--
Happy hacking
Petter Reinholdtsen
Since it can corrupt adjacent heap chunk metadata, this definitely looks
like a security issue to me.
On Thu, May 6, 2021 at 9:29 AM Petter Reinholdtsen wrote:
>
> I asked for an unblock from the release team in
> <https://bugs.debian.org/988095>.
>
> --
> Happy hacking
> Petter Reinholdtsen
>