xiph / opusfile

Stand-alone decoder library for .opus streams
BSD 3-Clause "New" or "Revised" License

DoS vulnerability (SIGFPE) #48

Open saruman9 opened 7 months ago

saruman9 commented 7 months ago

Hello! I was doing vulnerability research on a project that uses your library as a dependency. During the research, I found a vulnerability that I have already informed the vendor about. It's been a long time, but the vendor hasn't passed the information on to you, so I decided to do it myself. Although the vulnerability is not critical, I would still like to know which secure channels I can use to send information about the vulnerability so that you can also check it. I could not find an email intended for such purposes, nor a PGP key, nor anything else. Thanks.

saruman9 commented 6 months ago

One of the possible paths of execution:

./opusfile/opusfile.c:

op_open_file -> op_open_close_on_failure -> op_open_callbacks -> op_open2 -> op_open_seekable2 -> op_open_seekable2_impl -> op_bisect_forward_serialno -> op_predict_link_start

SIGFPE: https://github.com/xiph/opusfile/blob/9d718345ce03b2fad5d7d28e0bcd1cc69ab2b166/src/opusfile.c#L1089

Trigger: crash.zip