[guardian-dev] stegdetect CVE
Abel Luck
abel at guardianproject.info
Wed Oct 31 04:47:00 EDT 2018
An old project that GP had used for stegnography research has gotten a
CVE submitted against it for an out-of-bound write which causes crashes
and potential CE (I'm guessing).
The details are hazy, but we ported this utility to Android in order to
be able to run stegnographic detection from an App. The effort never
really materialized.
project: https://github.com/abeluck/stegdetect/issues/10
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18599
I've updated the README of the project to make it clear that I don't
maintain the project. Nor am I the original author.
The repo is just a code mirror of the now dead original source:
original (dead): http://www.outguess.org/detection.html
archive:
https://web.archive.org/web/20150415213536/http://www.outguess.org/detection.php
I've no plans to do anything about this. But I wanted to share this in
case anyone is actually using stegdetect.
~abel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/guardian-dev/attachments/20181031/a2632c70/attachment.sig>
More information about the guardian-dev
mailing list