Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 22 Nov 2016 19:19:59 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: jasper: stack-based buffer overflow in jpc_tsfb_getbands2 (jpc_tsfb.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c

> AddressSanitizer: stack-buffer-overflow
> WRITE of size 4

> https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495

> jpc/jpc_dec.c

Use CVE-2016-9560.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYNN57AAoJEHb/MwWLVhi28acP/3hSYAIq1eaWbaNey2wlw+nX
MAyAYntbtqAmEiH20z4UYPx3z1PFkC47rkTEuXqCuGlf0eCRWckKs1/v83EXMDoX
yIzsX9tlXMDvYGrJt9Z7bz4AB3H8g2aEuGgq6CdtHt6IuVzNugqwtiXKSNPsclfl
bZ0mKlwICSoCSeKZ4lpxdsmkI06MKAqP3/DW0CPH15BJJ1yNXIvtE69+T5+TkdPR
DZbno/EnnBGkrnJpuMDD1yErFyVzeZcqTMaEnfS7+dmglu5PlrrbG4+/BVKNnIRU
J8BNYcaZbCCL/9L75aXWKtVLiXGF7+yeNDMFpKFPSVxlcXOmHcVmomplFCnv6z5b
ecMLx3gg/Jn1fiZJDjVS31UtaqMSnlYzxPkRNkOBJzacniWWsieMgYGfW8wR2XPY
bxCFFec0YAbck+Im0+QbNM9iTUpL3h462SIoN983AmCscF7hj7UGMcrfS+uIxNDo
7sbTAPHwNk+/5Rqn0Z+ZJLPfc2STDFfKBKH2vViq1wTjmfO+CsGwyknVoKzx7KJq
/NYhRKuMMnPTFscBgPe+wB2CpCRGD9NbrirL+uW+i+dnocHUldHLhenJuSvUdNIO
Y/TOXveXXJmP//iRPcOpACJpCcFHd3DVF61G0R6UPc01gprTzUAmy+FliqXAfFuw
b3ZoLRfyAny0Vg2BQaOG
=H8km
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ