Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Jan 2017 19:10:08 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
> 
> AddressSanitizer: SEGV on unknown address
> The signal is caused by a READ memory access.
> 
> jpc_undo_roi ... jasper-1.900.27/src/libjasper/jpc/jpc_dec.c:1925:10

Use CVE-2017-5504.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYfV+TAAoJEHb/MwWLVhi2BnoP/iX2MWVoRd5spNVOMwFfsnw+
RzFqjbJfb9tiiVrUkmsvadvJ65waV8WYhiUag9eWzSi0NboaY0P4CtybFbPr2jf6
W7hZXmbxVqUgKLnOi3dwc5L2wHedMAe2BN0euz/Grh3jgCVdw0vT8GA5L+i/+jMG
j6J1JV5JhMlsqdLC3BnzBLvxXVkY3ctUMaoVf74WZiA2l9unsQDHqRo3Kuya4v6A
lDOYbkEkO1DQqkmxURhxKIfGJM0a4hUNzB4WtJjoq2L3UGq+gTuvxzwcEuBOBZuf
rnLjPKaAaLISAMU3hzlvWcMcGag16YvT78OAaY7szurBcl+BPPJeJqe9tFxQZ/cf
HrYEdF/Xr/lTD2T/s7JsxaNtJ2mnnVWB4OzJLCE0EuZtoD6/C1OiH5T5mPPbix2v
Vm1EEHhx/CiFUvtCS8e8ZirGfSRklJGqgjimBMgM/3cheGVgIzVKdxyD07WQCITV
kY1Q4FFCE2vDZ8boFRWcsJnuae7kJ/kRn4/9G3oYB1XygH6GZ+RB1TG0dF1qYW2z
uum/6YYhhAX4G7xX/DeUoUcaqzC4nuB8TRmVmm05TW8pr/NL0d68KZN1Bjm3eipa
/bf/MQP5hE3fkpEBYYTJMaaaVZBBw8PzvWbE54ncqvZ3a+Q/bfq7JM3uMHZmeIuQ
yRP72ZaDoxvPZvugXtsr
=RGe1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ