Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu,  7 Jan 2016 21:41:57 -0500 (EST)
From: cve-assign@...re.org
To: limingxing@....cn
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Integer overflow in the JasPer's jas_matrix_create() function

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

>> https://bugzilla.redhat.com/show_bug.cgi?id=1294039

> We find a vulnerability in the way JasPer's jas_matrix_create()
> function parsed certain JPEG 2000 image files.
> 
> jas_matrix_t *jas_matrix_create(int numrows, int numcols)
> {
>         .......
> 
>         if (matrix->maxrows_ > 0) {
>                 if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ *
>                   sizeof(jas_seqent_t *)))) {
> 

> matrix->maxrows_ > 0 ,but matrix->maxrows_ *sizeof(jas_seqent_t *)
> can cause Integer overflow.
> 
> Despite this library is used by many programs
> (http://www.ece.uvic.ca/~frodo/jasper/#overview), there is no one
> providing support.

Use CVE-2015-8751.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWjyCOAAoJEL54rhJi8gl5RR4P/3pDkCnol/Y59Nv9pK1kgVr0
Mas2O+hkbbbQRKBtgPs01mACYZDjEontPtUib+oA2F0hFcb/TisQHf611b3SoDI+
vxoSMA/qCXO66l7wpE7FmTOPYDCErpLtWEuYGC152BtEsaENE1vIwRYWx4Jshlem
5XT8LATuUxAC82TObRMr1A5gvDcdgNV9vqmyoDtyAGU725wA9VXWgFAG/CYBbLUC
wzdqAQ3v1p0cDL63MWfg1vGIxkpY6P7dU8yfQUbBflstfKg5m+z6WmFZdmalJbeO
uo3bknyP651xKge8PDN6ftfJbsW15fOFM4M1a3Ei+hqylgbqDF0GbfHn7XP3cMZy
KN2a18Xpj09EWcmZAccaYR26Bc6KY5/9ss8akviQ/BkW2dhoDBdk5Rtt4Fj/w34e
o//6kv40U8BXa5HAwizagP3Ifzgc8SDXi1RRJgx42bKECrs2YWDNIG5h/+6rNVaV
+NV3wRvVc98akqsAz85h4M/OEYHEuhOTnN1TNolD6HqsLU3cQV/r36zXF9xzYOcw
m8Oc+Yyb6sWaMSmNQhwvVuyhtc7qtIA8yKEpeRfzIjJf861nYp+N9cTUbjW3+elx
zSOuxO6sWcJwQ91igQCILNe3CGPmUtQ1DIpdLPFNTUZ4EJyAuHQ6efqB3+U16kjb
6Suu6bvueINOqi+9q0Ff
=1CNW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ