But Not In the Way You Might Think
For the uninitiated, I recently uncovered a vulnerability in LZ4 during triage with the Linux kernel team on a separate but very similar issue in LZO. Ludwig Strigeus uncovered the issue over a year ago and posted it to the LZ4 Google Code bug issue list. Rather than hand waving over the resulting mis communications and bug dismissal that followed, let's focus on the facts
more here...........http://blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html
For the uninitiated, I recently uncovered a vulnerability in LZ4 during triage with the Linux kernel team on a separate but very similar issue in LZO. Ludwig Strigeus uncovered the issue over a year ago and posted it to the LZ4 Google Code bug issue list. Rather than hand waving over the resulting mis communications and bug dismissal that followed, let's focus on the facts
more here...........http://blog.securitymouse.com/2014/07/i-was-wrong-proving-lz4-exploitable.html