oss-sec mailing list archives

Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c)

From: <cve-assign () mitre org>
Date: Mon, 16 Jan 2017 19:08:48 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

[] https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c

AddressSanitizer: SEGV on unknown address
The signal is caused by a WRITE memory access.

dec_clnpass ... jasper-1.900.27/src/libjasper/jpc/jpc_t1dec.c:869:4


Use CVE-2017-5503.


- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYfV+OAAoJEHb/MwWLVhi2MgsP/RhVEboMm9UMLEpF8m4ZYraO
lDJaf20dpH2yKmiGnxl1ZGr3FxPdLW7TG50sJdJ6aJ6uXcI9j5mgNBsHP/d7Iccv
i3oYr7QFGY+vTmi8HvXTCPVJmeGLZiniUWZaGmnblWkRHBlBU1zOrv+C3R78BvGR
XcrYX/E6fUSZEVe0kdb+8lMUG7NHpPqF3xsp1Ys1Yoyj2AAt2EkEP9sR0qc3xD0X
69IRLfV4v6KNzqYp72uJ7JrETKY0VKAGjM1PKRtLZdcEL1HJBHL1J/BkvjtHH3hk
cEEROgbamXFX2B2LjQAFdL4emcAIvPRBztR4cojmNwi3lEwP3ZsLjTIWyX+3ZyCv
V3TAy9tDdO9e8oBUGQSdMzSH8zh6Yb0alJZYcBRNOQhgDnxuLGtKEbSiE3+lbNmJ
Z4mTR4xlH9KGjFkseHmdD0UoNUJrYNzokeoy0sXJUkBDUERkc935gmeUWAKnJ/s1
U5MZpyKydRJsk+qulp7r+1I2MRXChx6kZiKkRu2iI931GH2f/TGiQxB6I7JZqtLX
mhq+UUR6aYoSKxNAWciDiTrrbFuAyHtQ90uvwxTU/ySpzHuJN4CUPJ3iUzjauPMa
BOfP6lhwlV6t/1x5volP5A55xNsyhCnmguacdoK0r8YkPjfIyraEd8VX17sCq2FS
DJIvlsjb/y8uB9Dh5KYN
=etAz
-----END PGP SIGNATURE-----

Current thread:

jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 16)
- Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) cve-assign (Jan 16)
  - Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 17)
    - Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Moritz Muehlenhoff (Jan 17)
    - Re: Re: jasper: invalid memory write in dec_clnpass (jpc_t1dec.c) Agostino Sarubbo (Jan 17)