Reply to post: Re: Stupid

Want to live long and prosper? Avoid pirated, malware-laden Star Wars free vid streams – and pay to watch instead

Michael Wojcik

Re: Stupid

programs where such bugs can be exploited in practice are very few and far between

Sure, if by "few and far between" you mean "only numerous documented instances every year for the past decade, and then some". Here's a small sample:

2010: CVE-2010-0028 CVE-2010-0517 CVE-2010-0841 CVE-2010-1513 CVE-2010-1526 CVE-2010-1753

2011: CVE-2011-0170 CVE-2011-0191 CVE-2011-0213 CVE-2011-3402 CVE-2011-4517

2012: CVE-2012-0192 CVE-2012-0977 CVE-2012-1336 CVE-2012-3726 CVE-2012-4988

2013: CVE-2013-1119 CVE-2013-3128 CVE-2013-3894 CVE-2013-5349 CVE-2013-6045

2014: CVE-2014-0301 CVE-2014-0349 CVE-2014-1275 CVE-2014-8158

2015: CVE-2015-0074 CVE-2015-0087 CVE-2015-0088 CVE-2015-0093 CVE-2015-2426 CVE-2015-2545 CVE-2015-3095

2016: CVE-2016-4681 CVE-2016-5157 CVE-2016-7084 CVE-2016-9453

2017: CVE-2017-2925 CVE-2017-3044 CVE-2017-3051 CVE-2017-3055 CVE-2017-8781

2018: CVE-2018-3845 CVE-2018-3999 CVE-2018-4890 CVE-2018-17141

2019: CVE-2019-1150 CVE-2019-1152 CVE-2019-1419 CVE-2019-3574 CVE-2019-5089 CVE-2019-7321 CVE-2019-17244

Those are just for font and image parsing, and only a handful of the code-execution parsing vulnerabilities published in those areas. Parser CX vulnerabilities are widespread and long-standing. Hell, we have CVE-2004-0200 from fifteen years ago.

In other words, you are very much wrong.


Biting the hand that feeds IT © 1998–2020