Information on CVE-2014-0158, openjpeg

[Raphael Geissert <geissert () debian org>]

Hi,

I just became aware of CVE-2014-0158[1], which was recently assigned
to openjpeg.
Looking at the proposed patch (as the description is rather brief), it
seems to me that it is a dup of one of the bugs covered by
CVE-2013-1447.

Quoting from my post to oss-security:
> 5. null pointer dereferences, division by zero, and anything that
would just fit as DoS (CVE-2013-1447)

> [listing the group of issues and attachments]
> 5.
> [...]
> segfault6.patch

Which is exactly what is being commented about in [2], a copy of which
is also available at [3].

IIRC without that patch some of the structures were not initialized
and applications (like the ones shipped by openjpeg itself) would try
to dereference NULL pointers, and just crash - no memory write was
involved.

Or is there more into CVE-2014-0158 that I might be missing?

P.S. testing the encoding functions would probably be like opening
another can of worms, if anyone is interested in that.

[1]https://bugzilla.redhat.com/CVE-2014-0158
[2]https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c8
[3]https://bugzilla.redhat.com/show_bug.cgi?id=1037945#c11

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net