[Secure-testing-team] Re: [Secure-testing-commits] r5628 - in data: . CVE
Florian Weimer
fw at deneb.enyo.de
Thu Apr 5 17:40:06 UTC 2007
* Moritz Muehlenhoff:
> CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
> - NOT-FOR-US: ZZIPlib
> + - zziplib <unfixed> (unknown)
> + NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
> + TODO: Needs to be checked in sources, if filename is taken from cmd args, this is bogus
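Review bot: The TODO line calls the report bogus if the filename comes from command-line arguments, which judges the issue by a single caller, while the entry is filed against zziplib and the CVE description places the overflow in zzip_open_shared_io itself. Consider rewording the TODO to state what has to be checked in the sources: how the filename argument is handled inside the function and whether any caller can pass it untrusted input. The NOTE points only at a forum post, so a more authoritative reference would be worth adding once one is available.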
It's a library, and the function is exported; the argument is supplied
by the caller. So it's not entirely bogus.