Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Jan 2017 19:10:08 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> [] https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
> 
> AddressSanitizer: SEGV on unknown address
> The signal is caused by a READ memory access.
> 
> jpc_undo_roi ... jasper-1.900.27/src/libjasper/jpc/jpc_dec.c:1925:10

Use CVE-2017-5504.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYfV+TAAoJEHb/MwWLVhi2BnoP/iX2MWVoRd5spNVOMwFfsnw+
RzFqjbJfb9tiiVrUkmsvadvJ65waV8WYhiUag9eWzSi0NboaY0P4CtybFbPr2jf6
W7hZXmbxVqUgKLnOi3dwc5L2wHedMAe2BN0euz/Grh3jgCVdw0vT8GA5L+i/+jMG
j6J1JV5JhMlsqdLC3BnzBLvxXVkY3ctUMaoVf74WZiA2l9unsQDHqRo3Kuya4v6A
lDOYbkEkO1DQqkmxURhxKIfGJM0a4hUNzB4WtJjoq2L3UGq+gTuvxzwcEuBOBZuf
rnLjPKaAaLISAMU3hzlvWcMcGag16YvT78OAaY7szurBcl+BPPJeJqe9tFxQZ/cf
HrYEdF/Xr/lTD2T/s7JsxaNtJ2mnnVWB4OzJLCE0EuZtoD6/C1OiH5T5mPPbix2v
Vm1EEHhx/CiFUvtCS8e8ZirGfSRklJGqgjimBMgM/3cheGVgIzVKdxyD07WQCITV
kY1Q4FFCE2vDZ8boFRWcsJnuae7kJ/kRn4/9G3oYB1XygH6GZ+RB1TG0dF1qYW2z
uum/6YYhhAX4G7xX/DeUoUcaqzC4nuB8TRmVmm05TW8pr/NL0d68KZN1Bjm3eipa
/bf/MQP5hE3fkpEBYYTJMaaaVZBBw8PzvWbE54ncqvZ3a+Q/bfq7JM3uMHZmeIuQ
yRP72ZaDoxvPZvugXtsr
=RGe1
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.