undefined | Better HN

0 pointsXylakant4y ago0 comments

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=jpeg returns 390 results. And that’s jpeg alone. It’s fairly common that you see some sort of media file format parsing bug to lead to command execution.

0 comments

gruez4y ago

But how many of those are actually exploited, and how does that compare to the other vectors I mentioned? Media file exploits seem in same class of exploits as spectre/rowhammer. You hear about them often (not as often as spectre/rowhammer, but I frequently see security fixes being mentioned in media player changelogs), but you rarely hear about attacks that use them.

j / k navigate · click thread line to collapse

0 pointsXylakant4y ago0 comments

0 comments

gruez4y ago

j / k navigate · click thread line to collapse