Re: Information on CVE-2014-0158, openjpeg

[Raphael Geissert <geissert () debian org>]

On 2 April 2014 11:02, Huzaifa Sidhpurwala <huzaifas () redhat com> wrote:
> On 04/02/2014 02:01 PM, Raphael Geissert wrote:
[...]
> > IIRC without that patch some of the structures were not initialized
> > and applications (like the ones shipped by openjpeg itself) would try
> > to dereference NULL pointers, and just crash - no memory write was
> > involved.
> >
> > Or is there more into CVE-2014-0158 that I might be missing?
>
> I dont agree with this being only a crash. I put some details at:
> https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c1

I do agree with the overall explanation but from that point on I don't
think there is anything in openjpeg that would lead to a heap write
before triggering a null pointer dereference or an OOB heap read. IIRC
the latter being fixed in general by segfault4.patch, which ensures
that all allocated heap memory is initialized.

> Anyway, this CVE is a dupe, MITRE could you please reject this CVE?

Well, depending on the above this specific bug might be split off
CVE-2013-1447 - the original id covered bugs that could only be
classified as leading to denial of service, nothing more.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net