How to get in touch regarding a security concern about abcm2ps HOT 6 OPEN

I don't see the use of this SECURITY.md file: my email can be found from my site (its reference is in README.md).
Up to now, I had reports from various security research communities, but none was containing critical bugs: crashing the program does not destroy any information in the computers of the users, and this cannot extract private data.
On the other side, yes, some buffer overflows have been reported, but I don't see how a malware could be inserted in the readable texts my users expect.

from abcm2ps.

I was considering running this on a server which accepts arbitrary user input without authentication. Crashing the program and buffer overflows can often be turned into arbitrary code execution, which would allow anybody with access to my website to run arbitrary code as the user account which runs abcm2ps. I'd like to not have everybody on the Internet running whatever code they'd like on my server.

from abcm2ps.

I don't see running abcm2ps in a server as a good idea. It is mainly a batch program that is better run in users computers.
If you want to offer music from a server, it is better to move the computation to the users, and the best way for that is ECMAscript. That's why I created abc2svg.

from abcm2ps.

Just to add to this, the report we received ended up being invalid - so nothing to share from our side.

from abcm2ps.

@moinejf yeah, I found abc2svg a couple hours later. I abandoned ABC though as I couldn't get verse+chorus repeated parts to render after several hours with either abc2svg or abcm2ps using the P repetitions thing. I may add ABC support later as a side feature, but it will not be the core of the site as I had been previously considering.

from abcm2ps.

What is the problem with abc2svg? Have you any example?

from abcm2ps.