Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 18 Sep 2016 10:40:06 -0400 (EDT)
From: cve-assign@...re.org
To: vul@...safe.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - openjpeg null ptr dereference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> AddressSanitizer: SEGV on unknown address
> 
> https://github.com/uclouvain/openjpeg/issues/843

Use CVE-2016-7445.

(A NULL pointer dereference is within the scope of CVE when it affects
a library that can realistically be used to build a multiple-input
application. For example, openjpeg-nullptr-github-issue-842.ppm
crashes the application, and the application was supposed to have
remained running to display other images in other windows.)

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX3qbJAAoJEHb/MwWLVhi2dMIP/1Gynw4G1wvocXs2eT0FqQrA
WpR15GQzvHzMbVoeKcG9dLx+kGU/VbZXqxPv1EAFFPa6/Tv9ZOnbD2Kj6nmO1W1k
tF/jLpeViTxqnvZEVJ9HSFBC5sVj/SEj1QV4/C31Uv1WRyu2XeTJfxWfjzsT4ts5
nxbwqZAFJFCnXTjPMh2a1LIp+NBd1J8v/ohsHfZsPYQMO8FeXtJ6zuOKeO2hDiFo
krPkMMELB/0HSHd4LQ7KLgAWyUeVyfcpWliVUyAMzXRm0XkDeEwec/7LAVAXeD3y
CA7w6CVy8dPa3cA8sGcphSWKCdt0iq+DJBAT2VvpGC5XSzD+c32cwB4ME5wxr/tB
KIi3Wg9iuv7jZLykPz4Ir5HlDNO+6FJ9hAZYHSQVHoq+Z3d1TX84Msk8EkuFZsNi
tEutJ7/Tg8Yfwn5QnVtaKIq9vMBSeyEdN8CChQyS/iuS+LNtIxTMdiSXT6Z2B9cL
MJ56Vz35ArTpil3jF4SlKyeTE2tikdOmg0rjr8jbhpIeCXDTjM/HJ60ekkjdQids
L5erXn3RfYKKequqNVLIhejzHir1DXa+cfplvPRTDD8FIXOZyjw+0yCfyI64rY8V
4ucN0O5dzpMNzO+KNErIxX8E5Sea0ERPhnp97sYDwIpEtcn0Lu2odsjVtnIzOdAq
5BdJZ0sBPI/EM7bXZJDc
=EcEl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ