oss-sec mailing list archives
Re: CVE Request: Heap corruption in openjpeg
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 13 Apr 2012 13:56:58 +0200
Thank you for this post, Huzaifa.

On 04/13/2012 09:29 AM, Huzaifa Sidhpurwala wrote:
> Hi All,
>
> While looking at openjpeg, I found the following bug in their tracker,
> which still seems to be un-addressed.
>
> http://code.google.com/p/openjpeg/issues/detail?id=5
>
> I don't think a CVE id has been assigned to this issue yet.

Yes, doesn't look so one got assigned for this one yet, since:
  http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg
provides just recent CVE-2012-1499.

To the:
  http://code.google.com/p/openjpeg/issues/detail?id=5
issue itself:

1) It should get a CVE-2009-* identifier (upstream ticket is public from 2009-Jul-31).
2) From the issue reasons investigation, it seems to be a combination of heap-based buffer invalid reads and writes by processing certain Gray16 TIFF images, leading to invalid free (when such corrupted memory allocated for tile encoder / decoder handle (TCD) is attempted to be freed).

More official description in Red Hat bug:
  https://bugzilla.redhat.com/show_bug.cgi?id=812317

Kurt, could you allocate a 2009 CVE id?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team