Date: Tue, 12 May 2015 14:33:55 -0400 (EDT)
From: cve-assign@...re.org
To: lcars@...rt.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: [oCERT-2015-006] dcraw input sanitization errors


> an integer overflow condition which leads to a buffer overflow. The
> vulnerability concerns the 'len' variable, parsed without validation from
> opened images, used in the ljpeg_start() function.

> https://github.com/LibRaw/LibRaw/commit/4606c28f494a750892c5c1ac7903e62dd1c6fdb5
> https://github.com/rawstudio/rawstudio/commit/983bda1f0fa5fa86884381208274198a620f006e
> http://www.ocert.org/advisories/ocert-2015-006.html

Use CVE-2015-3885.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
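
Added example (not part of the original message, and not dcraw's, LibRaw's or rawstudio's code): a bounds-checked read of one JPEG-style marker segment, showing the validation a file-supplied length such as 'len' needs before it sizes a copy into a fixed buffer. The segment layout (a 16-bit big-endian length that counts its own two bytes), the 0x10000 scratch size, and every function and sample name are assumptions, since the page does not show the affected code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_BUF_SIZE 0x10000            /* assumed fixed scratch buffer size */
static uint8_t scratch[SEG_BUF_SIZE];

/* Constructed sample inputs (not taken from any real image file). */
static const uint8_t SAMPLE_OK[]       = {0xFF, 0xC4, 0x00, 0x05, 'a', 'b', 'c'};
static const uint8_t SAMPLE_ZERO_LEN[] = {0xFF, 0xC4, 0x00, 0x00};
static const uint8_t SAMPLE_TRUNC[]    = {0xFF, 0xC4, 0x00, 0x10, 1, 2};

/* Hypothetical unvalidated arithmetic: the size a read would request if the
   length field were used as-is. A field of 0 or 1 yields a negative int,
   which becomes a huge value once converted to size_t. */
size_t unchecked_read_size(const uint8_t *in)
{
    int len = (in[2] << 8 | in[3]) - 2;
    return (size_t)len;
}

/* Hypothetical hardened reader: copies the segment payload into out[] and
   returns its length, or -1 if the segment is malformed. */
long read_segment_checked(const uint8_t *in, size_t in_len,
                          uint8_t *out, size_t out_size)
{
    if (in_len < 4 || in[0] != 0xFF)     /* need marker (2) + length (2) */
        return -1;
    unsigned raw = (unsigned)in[2] << 8 | in[3];
    if (raw < 2)                         /* raw - 2 would wrap around */
        return -1;
    size_t len = raw - 2;
    if (len > out_size)                  /* would overrun the destination */
        return -1;
    if (len > in_len - 4)                /* file ends before the payload does */
        return -1;
    memcpy(out, in + 4, len);
    return (long)len;
}

int main(void)
{
    printf("ok=%ld zero=%ld trunc=%ld unchecked=%zu\n",
           read_segment_checked(SAMPLE_OK, sizeof SAMPLE_OK, scratch, sizeof scratch),
           read_segment_checked(SAMPLE_ZERO_LEN, sizeof SAMPLE_ZERO_LEN, scratch, sizeof scratch),
           read_segment_checked(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, scratch, sizeof scratch),
           unchecked_read_size(SAMPLE_ZERO_LEN));
    return 0;
}
```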
