[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

DSA-4160-1 libevt -- security update

I'm the maintainer of libevt, this security issue
(https://www.debian.org/security/2018/dsa-4160) was brought to my

It was discovered that insufficient input sanitising in libevt, a
library to access the Windows Event Log (EVT) format, could result in
denial of service or the execution of arbitrary code if a malformed
EVT file is processed.

"the execution of arbitrary code"

where is the proof of these claims?

the bug is a heap read out of bounds until now I've not seen proof of
possible exploitation.

Reply to: