oss-sec mailing list archives
Re: Fuzzing jasper
From: cve-assign () mitre org
Date: Sat, 22 Oct 2016 21:00:23 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://github.com/mdadams/jasper/issues/28 Heap overflow in jpc_dec_cp_setfromcox()
AddressSanitizer: heap-buffer-overflow WRITE of size 1
malformed jpeg2000 file
jpc_dec_cp_setfromcox ... libjasper/jpc/jpc_dec.c:1668:32
Use CVE-2016-8880.
https://github.com/mdadams/jasper/issues/29 Heap overflow in jpc_getuint16()
AddressSanitizer: heap-buffer-overflow WRITE of size 8
jpc_getuint16 ... libjasper/jpc/jpc_cs.c:1572:8
Use CVE-2016-8881.
https://github.com/mdadams/jasper/issues/30 segfault / null pointer access in jpc_pi_destroy
AddressSanitizer: SEGV on unknown address 0x000000000000
jpc_pi_destroy ... libjasper/jpc/jpc_t2cod.c:521:10
https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee
Use CVE-2016-8882.
https://github.com/mdadams/jasper/issues/31 double free on jpeg parsing
From: Agostino Sarubbo This is a duplicate of the double-free I reported https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
(this was already assigned CVE-2016-8693)
https://github.com/mdadams/jasper/issues/32 assert in jpc_dec_tiledecode()
imginfo: jpc_dec.c:1072: int jpc_dec_tiledecode(jpc_dec_t *, jpc_dec_tile_t *): Assertion `dec->numcomps >= 3' failed.
https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
Use CVE-2016-8883. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYDArpAAoJEHb/MwWLVhi2dRAP/1Qvj44C7Wp43GQDGLzXEkL+ XF25qtPfMJBeNtcPeDmkAAfW04Re10NYptCmmNWH7uxXDeyeakHhJjCaiI372nSe e/TZ7adgkaxFAanUc5WF6lhnX8VrCg/Naa/F/aSUk5Y55KgkfmqnXosy84ktIaUs aSrPR5k6gogmG85K17Jy3rvysO01ftGKP5uvyT8V49BDAR7S21DGCgGowf53AWid J8fFHz64E+8L0Ws2T4secUhHVlxSC7EygVPN6RERspEezM49TDzWn/3jyU2Rnyiq Tc4ehZGxJR+TkPzg9dnnH/jrJ0EjLktYOhMttjCXhFUWLNAg9R2mowLxBqfVDsIm yotcn7pGVB5VZCHsBz5srzKdLytMV8HlpurVx2fawVh62TRULOon8RLKbGoO6x9d XMvOCjxF0+oPIq4wRk4j3FIewlzNi7sktgAJ7dqlADbiNtpOF8EhiWfYq5/+h8BJ kUqbLPDVTCF3iQiNkWOL7wdbBPlC3SsdgB73a0U92ApWCz4BZ2cMAbNosrmpbAS9 DK8DPwwVFFKgMu8FVJhlCa3FSJEsXHMKZHeb0J3merRimupUcoDMIUV5VSHNq8RK WodgTixKBURw4XHGVJ3dgX665USRqbvBGxb9zOYWaXZsRrc1uHNRNHDP78h6eY6i N8eeB+pE7gmFUQP+7Kng =yV6y -----END PGP SIGNATURE-----
Current thread:
- Re: Fuzzing jasper cve-assign (Oct 15)
- Re: Re: Fuzzing jasper Graham Christensen (Oct 16)
- Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
- Re: Re: Fuzzing jasper Hanno Böck (Oct 16)
- Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 17)
- Re: Fuzzing jasper cve-assign (Oct 22)
- Re: Fuzzing jasper cve-assign (Oct 23)
- <Possible follow-ups>
- Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
- Re: Re: Fuzzing jasper Graham Christensen (Oct 16)