oss-sec mailing list archives
Re: Information on CVE-2014-0158, openjpeg
From: Raphael Geissert <geissert () debian org>
Date: Wed, 2 Apr 2014 11:15:30 +0200
On 2 April 2014 11:02, Huzaifa Sidhpurwala <huzaifas () redhat com> wrote:
> On 04/02/2014 02:01 PM, Raphael Geissert wrote:
> [...]
>> IIRC without that patch some of the structures were not initialized and applications (like the ones shipped by openjpeg itself) would try to dereference NULL pointers, and just crash - no memory write was involved. Or is there more to CVE-2014-0158 that I might be missing?
>
> I don't agree with this being only a crash. I put some details at: https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c1

I do agree with the overall explanation but from that point on I don't think there is anything in openjpeg that would lead to a heap write before triggering a null pointer dereference or an OOB heap read. IIRC the latter being fixed in general by segfault4.patch, which ensures that all allocated heap memory is initialized.

> Anyway, this CVE is a dupe, MITRE could you please reject this CVE?

Well, depending on the above this specific bug might be split off CVE-2013-1447 - the original id covered bugs that could only be classified as leading to denial of service, nothing more.

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net