Date: Wed, 2 Apr 2014 11:15:30 +0200 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: Information on CVE-2014-0158, openjpeg On 2 April 2014 11:02, Huzaifa Sidhpurwala <huzaifas@...hat.com> wrote: > On 04/02/2014 02:01 PM, Raphael Geissert wrote: [...] >> IIRC without that patch some of the structures were not initialized >> and applications (like the ones shipped by openjpeg itself) would try >> to dereference NULL pointers, and just crash - no memory write was >> involved. >> >> Or is there more into CVE-2014-0158 that I might be missing? > > I dont agree with this being only a crash. I put some details at: > https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c1 I do agree with the overall explanation but from that point on I don't think there is anything in openjpeg that would lead to a heap write before triggering a null pointer dereference or an OOB heap read. IIRC the latter being fixed in general by segfault4.patch, which ensures that all allocated heap memory is initialized. > Anyway, this CVE is a dupe, MITRE could you please reject this CVE? Well, depending on the above this specific bug might be split off CVE-2013-1447 - the original id covered bugs that could only be classified as leading to denial of service, nothing more. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ