DSA-4160-1 libevt -- security update
I'm the maintainer of libevt; this security issue
(https://www.debian.org/security/2018/dsa-4160) was brought to my
attention.
It was discovered that insufficient input sanitising in libevt, a
library to access the Windows Event Log (EVT) format, could result in
denial of service or the execution of arbitrary code if a malformed
EVT file is processed.
"the execution of arbitrary code"
Where is the proof of these claims?
The bug is a heap read out of bounds; until now I've not seen proof of
possible exploitation.