oss-sec mailing list archives
Re: CVE Request: OpenJPEG Integer Overflow Issue
From: cve-assign () mitre org
Date: Thu, 8 Sep 2016 02:54:34 -0400 (EDT)
> I reported a security issue of OpenJPEG some days ago and it has been fixed now. The fix is available at
> https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4 and
> https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
>
> An integer overflow issue exists in function opj_pi_create_decode of pi.c. It can lead to Out-Of-Bounds Read and Out-Of-Bounds Write in function opj_pi_next_cprl of pi.c (function opj_pi_next_lrcp, opj_pi_next_rlcp, opj_pi_next_rpcl, opj_pi_next_pcrl may also be vulnerable). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OpenJPEG.
>
> AddressSanitizer: heap-buffer-overflow READ of size 2

Use CVE-2016-7163.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request: OpenJPEG Integer Overflow Issue 刘科 (Sep 07)
- Re: CVE Request: OpenJPEG Integer Overflow Issue cve-assign (Sep 07)