oss-sec mailing list archives

Re: CVE Request: Heap corruption in openjpeg


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Fri, 13 Apr 2012 13:56:58 +0200

Thank you for this post, Huzaifa.

On 04/13/2012 09:29 AM, Huzaifa Sidhpurwala wrote:
> Hi All,
>
> While looking at openjpeg, I found the following bug in their tracker,
> which still seems to be un-addressed.
> http://code.google.com/p/openjpeg/issues/detail?id=5
>
> I don't think a CVE id has been assigned to this issue yet.

Yes, doesn't look so one got assigned for this one yet, since:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg

provides just recent CVE-2012-1499. To the:

http://code.google.com/p/openjpeg/issues/detail?id=5

issue itself:

1) It should get a CVE-2009-* identifier (upstream
ticket is public from 2009-Jul-31).

2) From the issue reasons investigation, it seems to
be a combination of heap-based buffer invalid reads and
writes by processing certain Gray16 TIFF images, leading
to invalid free (when such corrupted memory allocated
for tile encoder / decoder handle (TCD) is attempted
to be freed).

More official description in Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=812317

Kurt, could you allocate a 2009 CVE id?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team





