Date: Thu, 12 May 2016 18:09:46 +0800 From: WinsonLiu <stackexploit@...il.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: Re: CVE Request - OpenJPEG: Security Fixes > > Hi, > > >> Some security issues of OpenJPEG have been fixed. Please consider >> assigning CVE numbers to them. > > >> 2. Issue 775 > > OpenJPEG Out-of-Bounds Access in function opj_tgt_reset of tgt.c > > Fixed via >> https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e > > > Is that a different issue than CVE-2016-1924? > Hi Moritz, You are right. Issue 775 was a duplicate of CVE-2016-1924. I didn't notice that limingxing has been reported this issue (reported at http://seclists.org/oss-sec/2016/q1/128 and assigned CVE-2016-1924). I have tested the proof-of-concept file supplied by limingxing and confirmed that issue 775 was a duplicate of CVE-2016-1924. It seems that limingxing did not report it to the official developers because I could not find any information about this issue on GitHub and the official developers did not fix it for a long time. I thought this was a new issue and reported it to them after I did some fuzz testing. Anyway, this issue has been fixed by the official developers now. Regards, Ke Liu of Tencent's Xuanwu LAB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ