On Tue, Nov 25, 2014 at 12:29:33AM -0800, mle...@mega-nerd.com wrote: > > CVE-2014-9028 : Heap buffer write overflow > CVE-2014-8962 : Heap buffer read overflow
Is it known what other FLAC decoding software or firmware is vulnerable to these overflows? Any software player that was derived from the official FLAC codebase probably is, and most active 3rd party developers will probably get a new release out soon anyway, even if their code was not vulnerable. Embedded systems with native FLAC playback, such as DVD players and portable devices, may never get updated. -- -Dec. --- (no microsoft products were used to create this message) "Mosaic is going to be on every computer in the world." - Marc Andreessen, 1994 _______________________________________________ flac-dev mailing list flac-dev@xiph.org http://lists.xiph.org/mailman/listinfo/flac-dev