Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 Apr 2014 10:31:52 +0200
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Information on CVE-2014-0158, openjpeg

Hi,

I just became aware of CVE-2014-0158[1], which was recently assigned
to openjpeg.
Looking at the proposed patch (as the description is rather brief), it
seems to me that it is a dup of one of the bugs covered by
CVE-2013-1447.

Quoting from my post to oss-security:
> 5. null pointer dereferences, division by zero, and anything that
would just fit as DoS (CVE-2013-1447)

> [listing the group of issues and attachments]
> 5.
> [...]
> segfault6.patch

Which is exactly what is being commented about in [2], a copy of which
is also available at [3].

IIRC without that patch some of the structures were not initialized
and applications (like the ones shipped by openjpeg itself) would try
to dereference NULL pointers, and just crash - no memory write was
involved.

Or is there more into CVE-2014-0158 that I might be missing?

P.S. testing the encoding functions would probably be like opening
another can of worms, if anyone is interested in that.

[1]https://bugzilla.redhat.com/CVE-2014-0158
[2]https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c8
[3]https://bugzilla.redhat.com/show_bug.cgi?id=1037945#c11

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ