Date: Tue, 17 Jan 2017 11:33:24 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) On Monday 16 January 2017 19:10:08 cve-assign@...re.org wrote: > >  > > https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc > > _undo_roi-jpc_dec-c > > > > AddressSanitizer: SEGV on unknown address > > The signal is caused by a READ memory access. > > > > jpc_undo_roi ... jasper-1.900.27/src/libjasper/jpc/jpc_dec.c:1925:10 > > Use CVE-2017-5504. > > > -- > CVE Assignment Team > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA > [ A PGP key is available for encrypted communications at > http://cve.mitre.org/cve/request_id.html ] The previous mail clearly state: > Timeline: > 2016-11-20: bug discovered and reported to upstream Why a CVE-2017-* ? -- Agostino
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ