Date: Wed, 2 Apr 2014 11:15:30 +0200 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Cc: "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: Information on CVE-2014-0158, openjpeg On 2 April 2014 11:02, Huzaifa Sidhpurwala <huzaifas@...hat.com> wrote: > On 04/02/2014 02:01 PM, Raphael Geissert wrote: [...] >> IIRC without that patch some of the structures were not initialized >> and applications (like the ones shipped by openjpeg itself) would try >> to dereference NULL pointers, and just crash - no memory write was >> involved. >> >> Or is there more into CVE-2014-0158 that I might be missing? > > I dont agree with this being only a crash. I put some details at: > https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c1 I do agree with the overall explanation but from that point on I don't think there is anything in openjpeg that would lead to a heap write before triggering a null pointer dereference or an OOB heap read. IIRC the latter being fixed in general by segfault4.patch, which ensures that all allocated heap memory is initialized. > Anyway, this CVE is a dupe, MITRE could you please reject this CVE? Well, depending on the above this specific bug might be split off CVE-2013-1447 - the original id covered bugs that could only be classified as leading to denial of service, nothing more. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.