zhangdeyue added the comment:
I'm confused now. For any program which receives an external file, checking the
input file is necessary, isn't it? And program errors lead to security
bugs, that's not right?
The program itself checks the input file, catches and shows some exceptions or
zhangdeyue added the comment:
I agree that it is very small, but I still think it is indeed a security issue,
because it can crash a real-world program when called by some library used in
a Deep Learning ASR project.
Does having a CVE assigned have any negative impact on you
zhangdeyue added the comment:
OK, I found this bug when I used librosa-0.5.1 to read an audio file in the
audio-classification project -- an ASR project.
(https://github.com/nextco/audio-classification)
In the project, the librosa.load function reads the audio file, and it calls the wave.open
function
zhangdeyue added the comment:
The CVE email:
The CVE ID is below. Please check whether the vulnerability still
exists in Python 3.6.4, and please inform the software maintainer that
the CVE ID has been assigned: https://bugs.python.org
Use CVE-2017-18207 for this vulnerability in Python
Change by zhangdeyue:
--
keywords: +patch
pull_requests: +4382
stage: -> patch review
___
Python tracker
<https://bugs.python.org/issue32056>
___