Date: Tue, 29 Nov 2016 17:29:39 -0500
From: <cve-assign@...re.org>
To: <dmoppert@...hat.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: openjpeg CVE-2016-3181, CVE-2016-3182 .. and CVE-2013-6045

> https://bugzilla.redhat.com/show_bug.cgi?id=1382202
> The reproducer [of https://github.com/uclouvain/openjpeg/issues/725] happens to tickle
> a flaw in a patch for CVE-2013-6045 that was posted here back when:
>
> http://seclists.org/oss-sec/2013/q4/412
>
> segfault-1.patch uses:
>
> + tilec->data = (int*) opj_aligned_malloc((comp0size+3) * sizeof(int));
>
> which should have used compcsize instead of comp0size.
>
> Upstream never included this patch - deeper work went into eliminating this and
> other issues in openjpeg-1.5.2. The patch that addresses this particular issue
> seems to be 69cd4f92 (hunk starting /* testcase 1336.pdf.asan.47.376 */).
>
> https://github.com/uclouvain/openjpeg/commit/69cd4f92
> https://github.com/uclouvain/openjpeg/issues/297
>
> This hasn't been an issue in upstream openjpeg releases for a long time ...
> but there are LTS distributions around still shipping 1.5.1 (or 1.3) with the
> patches from here applied. Those should preferably upgrade to 1.5.2: changing
> comp0size to compcsize eliminates this particular crash ...

Use CVE-2016-9675 for this vulnerability, stated to have a "crash or possible
code execution" impact, that results from mistakenly using the comp0size
variable (instead of compcsize).

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
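
The sizing mistake discussed in the message above, as an added example that is not part of the original thread and is not openjpeg code. It assumes a simplified component struct (`tcomp_t`) and a constructed two-component sample in which component 1 is larger than component 0; only the names comp0size and compcsize and the `+3` padding come from the quoted patch line.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a tile component; not openjpeg's own struct. */
typedef struct { int x0, y0, x1, y1; int *data; } tcomp_t;

/* Constructed sample: component 1 covers more samples than component 0. */
static tcomp_t sample_comps[2] = { {0, 0, 32, 32, NULL}, {0, 0, 64, 64, NULL} };

/* Samples in a component; 0 if bounds are invalid or the byte size would overflow. */
static size_t comp_samples(const tcomp_t *c) {
    if (c->x1 <= c->x0 || c->y1 <= c->y0) return 0;
    uint64_t w = (uint64_t)((int64_t)c->x1 - c->x0);
    uint64_t h = (uint64_t)((int64_t)c->y1 - c->y0);
    if (w > (SIZE_MAX / sizeof(int) - 3) / h) return 0;
    return (size_t)(w * h);
}

/* Flawed pattern: the buffer for component c is sized from component 0. */
static size_t alloc_elems_flawed(const tcomp_t *comps, int c) {
    (void)c;
    return comp_samples(&comps[0]) + 3;      /* (comp0size+3) */
}

/* Corrected pattern: the buffer is sized from component c itself. */
static size_t alloc_elems_fixed(const tcomp_t *comps, int c) {
    return comp_samples(&comps[c]) + 3;      /* (compcsize+3) */
}

/* Number of component samples that do not fit in alloc_elems ints. */
static size_t shortfall(size_t alloc_elems, const tcomp_t *comp) {
    size_t need = comp_samples(comp);
    return need > alloc_elems ? need - alloc_elems : 0;
}

/* Allocate component c with the corrected size; returns 0 on success. */
static int alloc_comp(tcomp_t *comps, int c) {
    size_t n = comp_samples(&comps[c]);
    if (n == 0) return -1;                   /* reject instead of under-allocating */
    comps[c].data = malloc((n + 3) * sizeof(int));
    return comps[c].data ? 0 : -1;
}

int main(void) {
    printf("shortfall flawed=%zu fixed=%zu\n",
           shortfall(alloc_elems_flawed(sample_comps, 1), &sample_comps[1]),
           shortfall(alloc_elems_fixed(sample_comps, 1), &sample_comps[1]));
    return alloc_comp(sample_comps, 1);
}
```

A nonzero shortfall is the number of ints that would land outside the buffer when component c is filled, which is the out-of-bounds write behind the crash.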