oss-sec mailing list archives

CVE Request: Heap-based buffer overflow in openjpeg


From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Mon, 27 Aug 2012 11:49:31 +0530

Hi Folks,

I discovered a heap-based buffer overflow in openjpeg, when decoding
JPEG2000 images. More details at:

https://bugzilla.redhat.com/show_bug.cgi?id=842918
http://code.google.com/p/openjpeg/issues/detail?id=170

This seems to affect versions 1.3, up to the latest release
version.

Upstream is currently working on the fix.

Can a CVE id please be assigned to this flaw?


-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

