Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 2 Apr 2014 11:15:30 +0200
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: Information on CVE-2014-0158, openjpeg

On 2 April 2014 11:02, Huzaifa Sidhpurwala <huzaifas@...hat.com> wrote:
> On 04/02/2014 02:01 PM, Raphael Geissert wrote:
[...]
>> IIRC without that patch some of the structures were not initialized
>> and applications (like the ones shipped by openjpeg itself) would try
>> to dereference NULL pointers, and just crash - no memory write was
>> involved.
>>
>> Or is there more into CVE-2014-0158 that I might be missing?
>
> I dont agree with this being only a crash. I put some details at:
> https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c1

I do agree with the overall explanation but from that point on I don't
think there is anything in openjpeg that would lead to a heap write
before triggering a null pointer dereference or an OOB heap read. IIRC
the latter being fixed in general by segfault4.patch, which ensures
that all allocated heap memory is initialized.

> Anyway, this CVE is a dupe, MITRE could you please reject this CVE?

Well, depending on the above this specific bug might be split off
CVE-2013-1447 - the original id covered bugs that could only be
classified as leading to denial of service, nothing more.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ