Poco Forums • View topic - Poco and the JPEG vulnerability

Poco and the JPEG vulnerability

Discussion not related specifically to one of the topics below

Moderators: Eric, Tomas, robin

Poco and the JPEG vulnerability

Postby robin » Tue Sep 28, 2004 11:10 pm

Given the recent discovery of the Microsoft Windows JPEG component buffer overflow vulnerability, where does PocoMail and Barca stand with respect to the JPEG preview component embedded in them? Does it use the GDI+ component provided by MS (and therefore which should be patched when the appropriate update is applied) or a third-party component? If the latter, then is it safe from the vulnerability?
robin
 

Re: Poco and the JPEG vulnerability

Postby Kaigan » Tue Sep 28, 2004 11:26 pm

robin wrote: Given the recent discovery of the Microsoft Windows JPEG component buffer overflow vulnerability, where does PocoMail and Barca stand with respect to the JPEG preview component embedded in them? Does it use the GDI+ component provided by MS (and therefore which should be patched when the appropriate update is applied) or a third-party component? If the latter, then is it safe from the vulnerability?


Is the same vulnerability noted on the latest news on the Pocosystems home page? :wink:


Peter
Kaigan
Poco Enthusiast
 
Posts: 211
Joined: Sun Jul 25, 2004 6:58 pm

Postby Pete » Wed Sep 29, 2004 5:33 am

Yes, but the link that PSI gives on their home page mostly lists Microsoft's applications. I think that Robin has asked a great question, and it would be nice if someone from PSI confirmed that they themselves have seriously investigated this. If true, then why doesn't it affect PocoMail? Is it safe because PM was written in Delphi or is it safe because of a different reason?
Pete
 

Postby robin » Wed Sep 29, 2004 6:32 am

I apologise - I'd not seen the note on Poco's homepage (don't have reason to go there often :) ), however I'm still curious why PocoMail / Barca are not affected - presumably because they use a non-MS component?
robin
 

Postby Kaigan » Wed Sep 29, 2004 8:06 am

robin wrote: I apologise - I'd not seen the note on Poco's homepage (don't have reason to go there often :) ), however I'm still curious why PocoMail / Barca are not affected - presumably because they use a non-MS component?


No need to apologize as I only saw it because I was going to the forums from work and wasn't sure of the URL. Surfed to the main page and noticed the article. :?


Peter
Kaigan
Poco Enthusiast
 
Posts: 211
Joined: Sun Jul 25, 2004 6:58 pm

Postby robin » Wed Sep 29, 2004 8:34 am

I appreciate the heads-up - the apology was to Jim and Slaven :)
robin
 

Postby Slaven » Fri Oct 01, 2004 4:36 am

It's simple - we don't use GDI+ for JPEG since we need to rely on libraries that are available on all systems. Microsoft deploys it with many of their applications so they rely on it.
Slaven Radic
Poco Systems Inc
Slaven
Poco Systems Inc
 
Posts: 1644
Joined: Fri Jul 23, 2004 7:37 pm

Postby Slaven » Fri Oct 01, 2004 4:40 am

To add: we tested it as well, I can share a test JPG file for those that want it.
Slaven Radic
Poco Systems Inc
Slaven
Poco Systems Inc
 
Posts: 1644
Joined: Fri Jul 23, 2004 7:37 pm

Postby Pete » Fri Oct 01, 2004 5:10 am

Thanks for the info, Slaven. This news is very reassuring.
Pete
 

Postby Slaven » Fri Oct 01, 2004 5:15 am

Unfortunately, WinXP is so vulnerable to this bug that even hovering your mouse over the "bad" JPG in Windows Explorer (not in PocoMail or Barca) will trigger the vulnerability - so you better patch up (not you personally Pete)! :)
Slaven Radic
Poco Systems Inc
Slaven
Poco Systems Inc
 
Posts: 1644
Joined: Fri Jul 23, 2004 7:37 pm

Postby robin » Fri Oct 01, 2004 9:38 am

Thanks for the reassurance, Slaven.
robin
 

