oss-sec mailing list archives

libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)

From: Sean Amoss <ackle () gentoo org>
Date: Tue, 30 Oct 2012 17:52:01 -0400

Steve, MITRE, vendors:

Another possible duplicate CVE assignment below :D

CVE-2011-5232 - Double free vulnerability in the Free_All_Memory
function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the
FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause
a denial of service (crash) via a crafted FPX image.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5232

References to http://secunia.com/advisories/47246

=======================================================================

CVE-2012-0025 - libfpx "Free_All_Memory()" Double-Free Vulnerability

CVE Assignment: http://www.openwall.com/lists/oss-security/2012/01/03/16

References https://secunia.com/advisories/47246 in assignment above


Thanks,
Sean

-- 
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail    : ackle () gentoo org
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Sean Amoss (Oct 30)
- Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025) Steven M. Christey (Nov 02)