GdkPixbuf Suffers Image Decoding Vulnerabilities
DNAspark99 writes "It seems Multiple vulnerabilities have been reported in GdkPixbuf, which can be exploited by malicious people to DoS (Denial of Service), and potentially compromise a vulnerable system. Personally, I wasn't concerned about this until I ran 'ldd firefox-bin | grep libgdk_pixbuf'" There's no official patch yet, but the article notes several Linux vendors have issued updates. Worth keeping an eye for those who use libgdk_pixbuf under other Unix-style operating systems as well.
sigh Time to tell the idealist in me to STFU.
-paul
Pistol caliber is like religion: everyone has their favourite, and theirs is the only right choice.
I find that alot of people I've worked with in software development have a "get it working, clean it up later" attitude. Usually basic error checking gets thrown in, but "hardcore" security often gets put aside in favour of other projects that need to be done. Thus, I think we end up with a fair amount of possibly shoddy code.
I've never done an audit, because I'm trying to write good code, and it's all I can do to be as "productive" as the others.
I don't think anybody seriously thinks "man, that could be a huge problem! well, nobody will notice".
-- Seq