Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 18 Sep 2016 10:40:06 -0400 (EDT)
From: cve-assign@...re.org
To: vul@...safe.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - openjpeg null ptr dereference

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> AddressSanitizer: SEGV on unknown address
> 
> https://github.com/uclouvain/openjpeg/issues/843

Use CVE-2016-7445.

(A NULL pointer dereference is within the scope of CVE when it affects
a library that can realistically be used to build a multiple-input
application. For example, openjpeg-nullptr-github-issue-842.ppm
crashes the application, and the application was supposed to have
remained running to display other images in other windows.)

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX3qbJAAoJEHb/MwWLVhi2dMIP/1Gynw4G1wvocXs2eT0FqQrA
WpR15GQzvHzMbVoeKcG9dLx+kGU/VbZXqxPv1EAFFPa6/Tv9ZOnbD2Kj6nmO1W1k
tF/jLpeViTxqnvZEVJ9HSFBC5sVj/SEj1QV4/C31Uv1WRyu2XeTJfxWfjzsT4ts5
nxbwqZAFJFCnXTjPMh2a1LIp+NBd1J8v/ohsHfZsPYQMO8FeXtJ6zuOKeO2hDiFo
krPkMMELB/0HSHd4LQ7KLgAWyUeVyfcpWliVUyAMzXRm0XkDeEwec/7LAVAXeD3y
CA7w6CVy8dPa3cA8sGcphSWKCdt0iq+DJBAT2VvpGC5XSzD+c32cwB4ME5wxr/tB
KIi3Wg9iuv7jZLykPz4Ir5HlDNO+6FJ9hAZYHSQVHoq+Z3d1TX84Msk8EkuFZsNi
tEutJ7/Tg8Yfwn5QnVtaKIq9vMBSeyEdN8CChQyS/iuS+LNtIxTMdiSXT6Z2B9cL
MJ56Vz35ArTpil3jF4SlKyeTE2tikdOmg0rjr8jbhpIeCXDTjM/HJ60ekkjdQids
L5erXn3RfYKKequqNVLIhejzHir1DXa+cfplvPRTDD8FIXOZyjw+0yCfyI64rY8V
4ucN0O5dzpMNzO+KNErIxX8E5Sea0ERPhnp97sYDwIpEtcn0Lu2odsjVtnIzOdAq
5BdJZ0sBPI/EM7bXZJDc
=EcEl
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.