Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 22 Oct 2016 21:00:23 -0400 (EDT)
From: cve-assign@...re.org
To: hanno@...eck.de
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Fuzzing jasper

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/mdadams/jasper/issues/28
> Heap overflow in jpc_dec_cp_setfromcox()

> AddressSanitizer: heap-buffer-overflow
> WRITE of size 1

> malformed jpeg2000 file

> jpc_dec_cp_setfromcox ... libjasper/jpc/jpc_dec.c:1668:32

Use CVE-2016-8880.


> https://github.com/mdadams/jasper/issues/29
> Heap overflow in jpc_getuint16()

> AddressSanitizer: heap-buffer-overflow
> WRITE of size 8

> jpc_getuint16 ... libjasper/jpc/jpc_cs.c:1572:8

Use CVE-2016-8881.


> https://github.com/mdadams/jasper/issues/30
> segfault / null pointer access in jpc_pi_destroy

> AddressSanitizer: SEGV on unknown address 0x000000000000

> jpc_pi_destroy ... libjasper/jpc/jpc_t2cod.c:521:10

> https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee

Use CVE-2016-8882.


> https://github.com/mdadams/jasper/issues/31
> double free on jpeg parsing

>> From: Agostino Sarubbo
>> This is a duplicate of the double-free I reported
>> https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/

(this was already assigned CVE-2016-8693)


> https://github.com/mdadams/jasper/issues/32
> assert in jpc_dec_tiledecode()

> imginfo: jpc_dec.c:1072: int jpc_dec_tiledecode(jpc_dec_t *, jpc_dec_tile_t *): Assertion `dec->numcomps >= 3' failed.

> https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d

Use CVE-2016-8883.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYDArpAAoJEHb/MwWLVhi2dRAP/1Qvj44C7Wp43GQDGLzXEkL+
XF25qtPfMJBeNtcPeDmkAAfW04Re10NYptCmmNWH7uxXDeyeakHhJjCaiI372nSe
e/TZ7adgkaxFAanUc5WF6lhnX8VrCg/Naa/F/aSUk5Y55KgkfmqnXosy84ktIaUs
aSrPR5k6gogmG85K17Jy3rvysO01ftGKP5uvyT8V49BDAR7S21DGCgGowf53AWid
J8fFHz64E+8L0Ws2T4secUhHVlxSC7EygVPN6RERspEezM49TDzWn/3jyU2Rnyiq
Tc4ehZGxJR+TkPzg9dnnH/jrJ0EjLktYOhMttjCXhFUWLNAg9R2mowLxBqfVDsIm
yotcn7pGVB5VZCHsBz5srzKdLytMV8HlpurVx2fawVh62TRULOon8RLKbGoO6x9d
XMvOCjxF0+oPIq4wRk4j3FIewlzNi7sktgAJ7dqlADbiNtpOF8EhiWfYq5/+h8BJ
kUqbLPDVTCF3iQiNkWOL7wdbBPlC3SsdgB73a0U92ApWCz4BZ2cMAbNosrmpbAS9
DK8DPwwVFFKgMu8FVJhlCa3FSJEsXHMKZHeb0J3merRimupUcoDMIUV5VSHNq8RK
WodgTixKBURw4XHGVJ3dgX665USRqbvBGxb9zOYWaXZsRrc1uHNRNHDP78h6eY6i
N8eeB+pE7gmFUQP+7Kng
=yV6y
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.