[sdiy] $53 Intel Edison dual 500MHz Atom 1GB RAM SOC board has I2S + Intel Xeon Phi 72 core . . .
Andre Majorel
aym-htnys at teaser.fr
Thu Dec 4 15:43:04 CET 2014
On 2014-12-03 23:21 -0800, rsdio at audiobanshee.com wrote:
> And, this approach [sharing patches] solves the issue with
> viruses and worms because no code is running. Sharing a patch
> cannot be a security risk because it's only data, not
> executables. The worst that can happen from sharing patches is
> that your ears are offended.
Unfortunately, processing data can and does create security
holes. If you look at vulnerabilities databases, you'll see that
hundreds have been found in image viewers, audio/video players,
etc. over the years. One from last month :
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9028
"Heap-based buffer overflow in stream_decoder.c in libFLAC
before 1.3.1 allows remote attackers to execute arbitrary code
via a crafted .flac file."
--
André Majorel http://www.teaser.fr/~amajorel/
More information about the Synth-diy
mailing list