> Orchid Win7 v1 <voi### [at] dev null> wrote:
>> There appears to be plenty of software that incorrectly treats various
>> size values as signed integers. (E.g., programs that malfunction on
>> files larger than 2GB because they think the file size has become
>> "negative".)
>
> Can you give me a scenario where that produces a buffer overflow?
>
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1573
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0915
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3966
More at:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=BMP
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=JPG
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=PNG
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=MP3
Etc...
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
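
One scenario of the kind asked about in the quoted question, as an added example that is not part of the original post and is not taken from any of the CVEs linked above: a length field read from a file is held in a signed integer, so a value with the top bit set passes the upper-bound check and becomes a huge `size_t` at the copy. The record layout, `BUF_SIZE`, and the function names are assumptions made for illustration; the flawed function only reports the length it would copy, and the hardened form sits beside it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* constructed destination size */

/* Constructed records: 4-byte little-endian length, then payload. */
static const unsigned char bad_rec[]  = {0xF0, 0xFF, 0xFF, 0xFF, 'A', 'B'};
static const unsigned char good_rec[] = {0x04, 0x00, 0x00, 0x00, 'd', 'a', 't', 'a'};

static uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed check: the length is held in a signed int, so a field with the
 * top bit set is negative and passes the upper-bound test. Returns 1 if
 * the record is accepted; *n is the count memcpy() would then receive.
 * No copy is performed here. */
int flawed_accepts(const unsigned char *rec, size_t *n) {
    int32_t len = (int32_t)read_le32(rec);
    if (len > BUF_SIZE)
        return 0;
    *n = (size_t)len; /* negative len converts to a huge size_t */
    return 1;
}

/* Hardened: keep the length unsigned and bound it by both the destination
 * size and the bytes actually present. Returns bytes copied, or -1. */
long safe_copy(unsigned char *dst, size_t dst_size,
               const unsigned char *rec, size_t rec_size) {
    if (rec_size < 4)
        return -1;
    uint32_t len = read_le32(rec);
    if (len > dst_size || len > rec_size - 4)
        return -1;
    memcpy(dst, rec + 4, len);
    return (long)len;
}

int main(void) {
    unsigned char dst[BUF_SIZE];
    size_t n = 0;
    int ok = flawed_accepts(bad_rec, &n);
    printf("flawed check accepts bad record: %d (copy length %zu)\n", ok, n);
    printf("safe_copy on bad record:  %ld\n", safe_copy(dst, sizeof dst, bad_rec, sizeof bad_rec));
    printf("safe_copy on good record: %ld\n", safe_copy(dst, sizeof dst, good_rec, sizeof good_rec));
    return 0;
}
```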