Date: Wed, 2 Apr 2014 10:31:52 +0200
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Information on CVE-2014-0158, openjpeg

Hi,

I just became aware of CVE-2014-0158, which was recently assigned to openjpeg.
Looking at the proposed patch (as the description is rather brief), it seems to me that it is a dup of one of the bugs covered by CVE-2013-1447.

Quoting from my post to oss-security:
> 5. null pointer dereferences, division by zero, and anything that would just fit as DoS (CVE-2013-1447)
> [listing the group of issues and attachments]
> 5.
> [...]
> segfault6.patch

Which is exactly what is being commented about in , a copy of which is also available at .

IIRC without that patch some of the structures were not initialized and applications (like the ones shipped by openjpeg itself) would try to dereference NULL pointers, and just crash - no memory write was involved.

Or is there more to CVE-2014-0158 that I might be missing?

P.S. testing the encoding functions would probably be like opening another can of worms, if anyone is interested in that.

https://bugzilla.redhat.com/CVE-2014-0158
https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c8
https://bugzilla.redhat.com/show_bug.cgi?id=1037945#c11

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net