On Thu, 2016-06-02 at 17:39 +1000, Brian May wrote: > Hello, > > Do we care about vulerabilities that are specific to HFS+? > > http://www.talosintel.com/reports/TALOS-2016-0093/ > CVE-2016-2334 If a program automatically detects file formats then every supported file format is part of its attack surface. I don't think we can rule out certain formats as too obscure. (See for example the recent attacks on ImageMagick/GraphicsMagick using a format that most people never heard of before. The fix there was to disable support for that format by default.) Ben. -- Ben Hutchings All the simple programs have been written, and all the good names taken.
Description: This is a digitally signed message part