It goes beyond images; it seems we get a vulnerability about video or sound on a weekly basis,
too. It seems that few programs thoroughly verify their input, even when it likely comes from
untrusted sources on the net.
Image handling vulnerabilities
Posted Apr 25, 2008 0:54 UTC (Fri) by bronson (subscriber, #4806)
Notice how there's never vulns with decoding PCM sound files. Why? Because PCM is easy.
The more complex a file format, the harder it is to get right. Packetized streams like MPEG
and AVI are outrageously complex to decode and process. It requires huge amounts of code with
non-trivial stateful interaction between components.
I'm not sure it's even possible to thoroughly verify a zip archive, much less an MPEG stream!
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.