Date: Fri, 09 Dec 2016 16:44:17 +0100
From: Adam Maris <amaris@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2016-9580 CVE-2016-9581 openjpeg2: heap buffer overflows

Hello,

We've assigned CVEs for the following issues:

> https://github.com/uclouvain/openjpeg/issues/871

CVE-2016-9580 integer overflow in tiftoimage resulting in a heap buffer
overflow

> https://github.com/uclouvain/openjpeg/issues/872

CVE-2016-9581 infinite loop in tiftoimage resulting in a heap buffer
overflow in convert_32s_C1P1

Both were fixed by
https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255

Regards,

-- 
Adam Mariš, Red Hat Product Security
1CCD 3446 0529 81E3 86AF  2D4C 4869 76E7 BEF0 6BC2 
