Comment by ravachol
2 years ago
"Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file."
I don't know how relevant these vulnerabilities are to kew, which isn't run across the network in any way, it just reads your local files.
Thank you for bringing this to light. I don't know how feasible it is to use something other than freeimage though, gonna have to investigate.
It is still relevant because sometimes those local files come from the network and aren't trusted.
Looks like a nice project, I like the terminal album art display :).