oss-sec mailing list archives

Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)

From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Fri, 2 Nov 2012 13:31:27 -0400 (EDT)


Sean,

Agree with this duplicate, too.

Keep CVE-2012-0025 and REJECT CVE-2011-5232.

Thanks,
Steve


On Tue, 30 Oct 2012, Sean Amoss wrote:

Steve, MITRE, vendors:

Another possible duplicate CVE assignment below :D

CVE-2011-5232 - Double free vulnerability in the Free_All_Memory
function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the
FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause
a denial of service (crash) via a crafted FPX image.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5232

References to http://secunia.com/advisories/47246

=======================================================================

CVE-2012-0025 - libfpx "Free_All_Memory()" Double-Free Vulnerability

CVE Assignment: http://www.openwall.com/lists/oss-security/2012/01/03/16

References https://secunia.com/advisories/47246 in assignment above


Thanks,
Sean

--
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail    : ackle () gentoo org
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A

Current thread:

libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Sean Amoss (Oct 30)
- Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Steven M. Christey (Nov 02)