(www.bleepingcomputer.com)

174 points andy99 | 1 comments | 06 Apr 25 17:21 UTC | HN request time: 0s | source

Show context

3eb7988a1663 ◴[06 Apr 25 18:06 UTC] No.43603491[source]▶

Maybe the headline should note that this a parser vulnerability, not the format itself. I suppose that is obvious, but my first knee-jerk thought was, "Am I going to have to re-encode XXX piles of data?"

replies(2): >>43603869 #>>43604836 #

brokensegue ◴[06 Apr 25 18:46 UTC] No.43603869[source]▶

>>43603491 #

What would it mean for the vulnerability to be in the format and not the parser?

replies(3): >>43603925 #>>43603966 #>>43606334 #

1. dist-epoch ◴[06 Apr 25 18:52 UTC] No.43603925[source]▶

>>43603869 #

Macros in old Microsoft Word documents were quite a popular attack.

↑

Max severity RCE flaw discovered in widely used Apache Parquet