Date: Tue, 22 Nov 2016 19:15:59 -0500 From: <cve-assign@...re.org> To: <ago@...too.org> CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com> Subject: Re: jasper: signed integer overflow in jas_image.c -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c > the commit which fixes the issue is not a fix itself for the > signed integer overflow, but changed a bit how, in jasper, the things work. > jasper-1.900.17/src/libjasper/base/jas_image.c:162:49: > runtime error: signed integer overflow: 8543608947741818625 * 15 cannot be > represented in type 'long' > https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a Use CVE-2016-9557 for the issues addressed by these d42b2388f7f8e0332c846675133acea151fc557a changes: Some problematic types like uchar, ulong, and friends have been replaced with names with a jas_ prefix. ... An option max_samples has been added to the BMP and JPEG decoders to restrict the maximum size of image that they can decode. This change was made as a (possibly temporary) fix to address security concerns. ... Some new integer overflow checks were added. ... Some new safe integer add/multiply functions were added. (max_samples has a default of 64 Mb or 128 Mb in different parts of the code.) - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYNN5mAAoJEHb/MwWLVhi2PqwP/RE8yNmQrXTrAhA7RpB9MxLv AoBQfv6ap9aaF/K4UgMSLxny6eojVBkz6Ju0nlIfD8KGXQX3DvGCHdjPRFfi8vfe 5S63tmUz0me6PPfkoHnd8uro1z12St46TvMZQv4XeTi0U+FQWzQFtjBn7A7YLKdo DAzZn/FXbB9s7RGXSY1A0O+0u0sxLN1pJeVODBDfcSyZarruYMQD1cAYtLGJsmD2 D61l6Xk9GcZabxAzhL6rHtQR2ZSxbjtDWfHrgui/retHALcIxSFlr5tLVC6h+4Av NDfwOQuTlMh0aXb9AyCoGaXUt4N7dMLEO+uFoDNWoprPabA4QChaTUizr0QG2lIh w8wnJ83veuhnp3FUNwtBjjwS4Cy8x0rqrWSFggFBKUzbvieQlOa8zbzhzM5ldMgy ULzJ9eg+xNeVlAwp19YfNfEFif4LnkdHiybUIkwk8ErV49EgVeXKIc+XPYdgrjsK CxdO783e4Putc1jjNNI869bbO2P2eOBUwTIcA2c55UceKsSTlMg/NLEbQsKXnMMF liXpxyLf65Kc5lZBEzSCONBoz8h6Hb7Oq1kp2ekaUCjA8RJpunOobA2DGe5FIksh 4xXe/xan+GTLkOLbqoPg5tWSI0uSYvDV57bmQZPopqFbyKP4//3NZsHcS9NUWYFh orerLmhz6lsZ4Ri5Q+8P =Za2r -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ