On Mon, 16 Oct 2017 18:48:16 +0900, Joonun Jang <joonun.j...@gmail.com> said:
> Package: ufraw-batch
> Version: 0.22-1.1
> Severity: normal
>
> Running 'ufraw-batch --conf' with the attached file raises a NULL
> pointer dereference, which may allow a denial-of-service attack of a
> malicious attacker.

[...]

Hi Joonun,

Thank you for the bug report.

It looks like you are passing the poc file as the argument for the configuration file. I don't think this is a big security issue, since I don't think that it is normal to pass a configuration file that was generated by another person. Nevertheless, it obviously shouldn't segfault.

I think that "Severity: normal", as you've filed it, is the correct severity for this bug.

Thanks

--
Hubert Chathi <uho...@debian.org> -- https://www.uhoreg.ca/
Jabber: hub...@uhoreg.ca -- Matrix: @uhoreg:matrix.org
PGP/GnuPG key: 4096R/F24C F749 6C73 DDB8 DCB8 72DE B2DE 88D3 113A 1368