oss-sec mailing list archives
Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c)
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 17 Jan 2017 11:33:24 +0100
On Monday 16 January 2017 19:10:08 cve-assign () mitre org wrote:
[] https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc _undo_roi-jpc_dec-c AddressSanitizer: SEGV on unknown address The signal is caused by a READ memory access. jpc_undo_roi ... jasper-1.900.27/src/libjasper/jpc/jpc_dec.c:1925:10Use CVE-2017-5504. -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
The previous mail clearly state:
Timeline: 2016-11-20: bug discovered and reported to upstream
Why a CVE-2017-* ? -- Agostino
Current thread:
- jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo (Jan 16)
- Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) cve-assign (Jan 16)
- Re: Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) Agostino Sarubbo (Jan 17)
- Re: jasper: invalid memory read in jpc_undo_roi (jpc_dec.c) cve-assign (Jan 16)