spelling correction.
while mat2 has both a thread model (a thread pool that strips metadata in parallel) and a threat model (a list of malicious adversaries and their capabilities that we are trying to defeat), i think this paragraph is talking about the latter.
This commit is contained in:
Daniel Kahn Gillmor
parent
072ee1814d
commit
2d9ba81a84
@ -64,7 +64,7 @@ to the filesystem. This ensures that every metadata is removed.
|
||||
XML attacks
|
||||
-----------
|
||||
|
||||
Since our thread model conveniently excludes files crafted to specifically
|
||||
Since our threat model conveniently excludes files crafted to specifically
|
||||
bypass MAT2, fileformats containing harmful XML are out of our scope.
|
||||
But since MAT2 is using [etree](https://docs.python.org/3/library/xml.html#xml-vulnerabilities)
|
||||
to process XML, it's "only" vulnerable to DoS, and not memory corruption:
|
||||
|
||||
Loading…
Reference in New Issue
Block a user