oss-sec mailing list archives
Re: Re: CVE Request - OpenJPEG: Security Fixes
From: WinsonLiu <stackexploit () gmail com>
Date: Thu, 12 May 2016 18:09:46 +0800
Hi,

Some security issues of OpenJPEG have been fixed. Please consider assigning CVE numbers to them.

2. Issue 775
OpenJPEG Out-of-Bounds Access in function opj_tgt_reset of tgt.c
Fixed via
https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e

Is that a different issue than CVE-2016-1924?

Hi Moritz,

You are right. Issue 775 was a duplicate of CVE-2016-1924. I didn't notice that limingxing had reported this issue (reported at http://seclists.org/oss-sec/2016/q1/128 and assigned CVE-2016-1924). I have tested the proof-of-concept file supplied by limingxing and confirmed that issue 775 was a duplicate of CVE-2016-1924.

It seems that limingxing did not report it to the official developers, because I could not find any information about this issue on GitHub and the official developers did not fix it for a long time. I thought this was a new issue and reported it to them after I did some fuzz testing.

Anyway, this issue has been fixed by the official developers now.

Regards,
Ke Liu of Tencent's Xuanwu LAB