
If it causes a crash, that's denial of service, so medium would be appropriate. But it's true that medium CVEs aren't that bad in most situations.


This bug can most likely lead to RCE; proving that it can’t is generally a very difficult problem.

There’s absolutely no reason to assume that it does not lead to RCE, and certainly no reason whatsoever to invest significant time to prove that one way or the other unless you make a living selling exploits.


If you need this kind of security, build ffmpeg with only decoders you find acceptable.



