Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Jan 2017 19:08:48 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c
> 
> AddressSanitizer: SEGV on unknown address
> The signal is caused by a WRITE memory access.
> 
> dec_clnpass ... jasper-1.900.27/src/libjasper/jpc/jpc_t1dec.c:869:4

Use CVE-2017-5503.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYfV+OAAoJEHb/MwWLVhi2MgsP/RhVEboMm9UMLEpF8m4ZYraO
lDJaf20dpH2yKmiGnxl1ZGr3FxPdLW7TG50sJdJ6aJ6uXcI9j5mgNBsHP/d7Iccv
i3oYr7QFGY+vTmi8HvXTCPVJmeGLZiniUWZaGmnblWkRHBlBU1zOrv+C3R78BvGR
XcrYX/E6fUSZEVe0kdb+8lMUG7NHpPqF3xsp1Ys1Yoyj2AAt2EkEP9sR0qc3xD0X
69IRLfV4v6KNzqYp72uJ7JrETKY0VKAGjM1PKRtLZdcEL1HJBHL1J/BkvjtHH3hk
cEEROgbamXFX2B2LjQAFdL4emcAIvPRBztR4cojmNwi3lEwP3ZsLjTIWyX+3ZyCv
V3TAy9tDdO9e8oBUGQSdMzSH8zh6Yb0alJZYcBRNOQhgDnxuLGtKEbSiE3+lbNmJ
Z4mTR4xlH9KGjFkseHmdD0UoNUJrYNzokeoy0sXJUkBDUERkc935gmeUWAKnJ/s1
U5MZpyKydRJsk+qulp7r+1I2MRXChx6kZiKkRu2iI931GH2f/TGiQxB6I7JZqtLX
mhq+UUR6aYoSKxNAWciDiTrrbFuAyHtQ90uvwxTU/ySpzHuJN4CUPJ3iUzjauPMa
BOfP6lhwlV6t/1x5volP5A55xNsyhCnmguacdoK0r8YkPjfIyraEd8VX17sCq2FS
DJIvlsjb/y8uB9Dh5KYN
=etAz
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.