Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 22 Oct 2016 21:05:29 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: jasper: NULL pointer dereference in jp2_colr_destroy (jp2_cod.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
> 
> AddressSanitizer: SEGV on unknown address 0x000000000000
> 0x7f8dcb5bc940 in jp2_colr_destroy ... jasper-1.900.5/src/libjasper/jp2/jp2_cod.c:443:3
> 
> https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d

Use CVE-2016-8887.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYDAr/AAoJEHb/MwWLVhi24I8QAKtduMTN4eo5SAOfpBYIgLdr
9K4Vlzy3AB73c1TA/d/ck8EiG8WeDeHdU4XgZqpG7ZcEl3Yg8Tu1OZI/eNNS4pFs
z2+TDEzRP71cy7yuX+LwjWFzu5jYDVZl4UYjLS004k5jQ4xvwZ8iuUCP6OmU1lfe
kyaHWsvX5+uGohyz+Wd71pK8/OJockZmsSRDqaFj0ZN2luYB4daOnkUURiQ+b3Km
9m6KfDIDw+x2sS9Ts+YFCU0LY/7Em68hh7qabACjXQql1xuwaGoZsw+30HItKfLo
h41JMuPrEf1LyhJBZrg0URp/+f+Nlq/n3aqwrxRm/iARWw3XsNqrCBPa5QhBCO6e
lWAGB3S8VnfXeFxsirFCy3yacIF0/sUfc3sYNdqOVOKkDPI3vg6bmwgnVefoD3+J
4UY3KZOrGp54Y6vTGGiFBb4JMqRy6TijxoGWUhqRBZH5w9p0mbrcK3bC9iCOYndk
ZCOeC1z+sfXYWSAdsqxInOJlT5WCVBK21qOfIbfcEfJIbaAWQbSZSTQ7OpIM/1K9
IUuZqNWJNAEDXZi1BsxEr34lGFacIpXsCCiVBKBFrON7GKZPwikTrj13R8N1pCtJ
FAFqIZflZDcpOoB80DgYgEZMhMV6QqaKkp6WgdwoTI1XXzrtPCFgfOU++JWmn9p+
oFzCFvJnQ9yyHGdSThSf
=eoij
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ