Date: Thu, 12 Jan 2017 21:42:49 -0500
From: <cve-assign@...re.org>
To: <dileep.chinu@...il.com>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: MUJS null pointer dereference and Heap buffer overflow write

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> 1. Null pointer dereference in regexp.c
> 
>     The return value from malloc is not properly checked before
> dereferencing it which can result in a crash.
> 
> https://bugs.ghostscript.com/show_bug.cgi?id=697381
> http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569

Use CVE-2016-10132 for all of
fd003eceda531e13fbdd1aeb6e9c73156496e569.


> 2. Heap buffer overflow write in jsrun.c: js_stackoverflow()
> 
>     There was a logical error in the code which can be used to trigger a
> heap overflow write.
> 
> https://bugs.ghostscript.com/show_bug.cgi?id=697401
> http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24

Use CVE-2016-10133.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
