Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 17 Jan 2017 11:30:36 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: Re: Re: jasper: multiple crashes with UBSAN

On Monday 16 January 2017 19:06:47 cve-assign@...re.org wrote:
> > http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
> > 
> > [] jasper-1.900.17/src/libjasper/include/jasper/jas_math.h:156:11
> > runtime error: left shift of negative value -185
> 
> Use CVE-2017-5498.
> 
> > [] jasper-1.900.17/src/libjasper/jpc/jpc_dec.c:1838:9
> > runtime error: signed integer overflow: -64356352 * 
6359082673847140352
> > cannot be represented in type 'long'
> 
> Use CVE-2017-5499.
> 
> > [] jasper-1.900.17/src/libjasper/jpc/jpc_dec.c:1819:40
> > runtime error: shift exponent 117 is too large for 64-bit type 'jpc_fix_t'
> > (aka 'long')
> 
> Use CVE-2017-5500.
> 
> > [] jasper-1.900.17/src/libjasper/jpc/jpc_tsfb.c:233:35
> > runtime error: signed integer overflow: 2013306369 + 251691968 
cannot be
> > represented in type 'int'
> 
> Use CVE-2017-5501.
> 
> > [] jasper-1.900.17/src/libjasper/jp2/jp2_dec.c:485:49
> > runtime error: left shift of negative value -26
> 
> Use CVE-2017-5502.
> 
> 
> --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]

The previous mail clearly state:
> Timeline:
> 2016-10-28: bug discovered and reported to upstream

Why CVE-2017-* ?

--
Agostino

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ