[Full-disclosure] BS.Player 2.22 NULL ptr dereference
edi.strosar at varnostne-novice.com
edi.strosar at varnostne-novice.com
Fri Aug 3 20:43:06 BST 2007
Dear 3APA3A,
I didn't mentioned any DoS in my advisory. I clearly
stated that it is a "bug" that will cause an
exception/crash. It is a kind of Null/invalid ptr deref.
The same kind as this is:
http://www.securityfocus.com/archive/1/434280
and not much different than this:
http://www.securityfocus.com/archive/1/461373
Nothing more. The main difference is that it was
"implemented" by the vendor.
http://www.bsplayer.org/en/bs.player/news/new/?article=21&BSPLAYER=76f1ff40d5a7f9f2f44a66edc209ac2a
Thanks for your interest anyway.
Sincerelly,
Edi Strosar (Team Intell)
3APA3A wrote:
>
> Can you, please explain why is this security bug? DoS is not software
> crash, DoS is Denial of Service. It means, security impact of DoS
> vulnerability should be preventing (blocking) access of legitimate user
> to some data or service (via data corruption, service malfuction, etc).
Full-Disclosure is hosted and sponsored by Secunia.