Date: Tue, 15 Sep 2015 17:33:55 +0200 From: FEIST Josselin <josselin.feist@...il.com> To: oss-security@...ts.openwall.com Subject: CVE Request : Use-after-free in openjpeg Hi, Use-after-free was found in openjpeg (https://github.com/uclouvain/openjpeg). The vuln is fixed in version 2.1.1 and was located in opj_j2k_write_mco function. More details are available here : https://github.com/uclouvain/openjpeg/issues/563. Is it possible to get a CVE for this ? Credit goes to the static analyzer Gueb. Best regards, Feist Josselin / //Timeline :// //14 August : use-after-free found and reported // //6 September : use-after-free fixed/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ