Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 12 May 2016 18:09:46 +0800
From: WinsonLiu <>
Subject: Re: Re: CVE Request - OpenJPEG: Security Fixes

> Hi,
>> Some security issues of OpenJPEG have been fixed. Please consider
>> assigning CVE numbers to them.
>> 2. Issue 775
> OpenJPEG Out-of-Bounds Access in function opj_tgt_reset of tgt.c
> Fixed via
> Is that a different issue than CVE-2016-1924?

Hi Moritz,

You are right. Issue 775 was a duplicate of CVE-2016-1924.

I didn't notice that limingxing has been reported this issue (reported at and assigned CVE-2016-1924). I have
tested the proof-of-concept file supplied by limingxing and confirmed that
issue 775 was a duplicate of CVE-2016-1924. It seems that limingxing did
not report it to the official developers because I could not find any
information about this issue on GitHub and the official developers did not
fix it for a long time. I thought this was a new issue and reported it to
them after I did some fuzz testing. Anyway, this issue has been fixed by
the official developers now.

Ke Liu of Tencent's Xuanwu LAB

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ