Jump to content

20 year old CRITICAL bug in LZO algorithm

WereCat
By WereCat
in Tech News
 Share
Posted

http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

 

There is serious bug in LZO algorithm which can allow to get infected by watching video or take control over PC by launching malicious code just by playing video (not sure in what extent). This algorithm is one of the fastest and one of the most spread one. This algorithm is used almost everywhere on almost every device. I recommend you to look at the article because there would be too much to quote. Hopefully this will get patched soon.

 

Sorry if repost I havent seen it there.

Link to comment
https://linustechtips.com/topic/172607-20-year-old-critical-bug-in-lzo-algorithm/
Share on other sites
Link to post
Share on other sites
Posted

I am really scared right now for some reason  :mellow:

AMD FX 8320@ Stock - Asus M5A99X Evo R2.0 - Kingston HyperX 8GB 1600Mhz - Corsair Carbide 200R - Powercolor Radeon HD 7950 PCS+OC@970Mhz core 1400Mhz memory - Corsair CS650W - Samsung 840 EVO 250GB 
LG 22EA53VQ 21.5" - CM Storm Xornet - CM Storm Quickfire TK - Creative Inspire T3130 2.1

Link to post
Share on other sites
Posted

Doing more research indicates that the bug was patched.

 

http://www.csoonline.com/article/2375206/data-protection/twenty-year-old-vulnerability-in-lzo-finally-patched.html

I do not feel obliged to believe that the same God who has endowed us with sense, reason and intellect has intended us to forgo their use, and by some other means to give us knowledge which we can attain by them. - Galileo Galilei
Build Logs: Tophat (in progress), DNAF | Useful Links: How To: Choosing Your Storage Devices and Configuration, Case Study: RAID Tolerance to Failure, Reducing Single Points of Failure in Redundant Storage , Why Choose an SSD?, ZFS From A to Z (Eric1024), Advanced RAID: Survival Rates, Flashing LSI RAID Cards (alpenwasser), SAN and Storage Networking

Link to post
Share on other sites
Posted
  • Author

That is great. But for example VLC player is vulnerable to this and last updates were almost 5 months ago.. that is for versions 2.1.3 and 2.1.4 so as long as VLC wont include patch you are still vulnerable. Take that in mind. At least they can now implement it but there is a lot of apps/services/programs that have to do it too.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing Tech News

×