oss-sec mailing list archives
Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Fri, 2 Nov 2012 13:31:27 -0400 (EDT)
Sean, Agree with this duplicate, too. Keep CVE-2012-0025 and REJECT CVE-2011-5232. Thanks, Steve On Tue, 30 Oct 2012, Sean Amoss wrote:
Steve, MITRE, vendors: Another possible duplicate CVE assignment below :D CVE-2011-5232 - Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5232 References to http://secunia.com/advisories/47246 ======================================================================= CVE-2012-0025 - libfpx "Free_All_Memory()" Double-Free Vulnerability CVE Assignment: http://www.openwall.com/lists/oss-security/2012/01/03/16 References https://secunia.com/advisories/47246 in assignment above Thanks, Sean -- Sean Amoss Gentoo Security | GLSA Coordinator E-Mail : ackle () gentoo org GnuPG FP : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A
Current thread:
- libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Sean Amoss (Oct 30)
- Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Steven M. Christey (Nov 02)