Re: Information on CVE-2014-0158, openjpeg

[Huzaifa Sidhpurwala <huzaifas () redhat com>]

On 04/02/2014 02:01 PM, Raphael Geissert wrote:
> Hi,
>
> I just became aware of CVE-2014-0158[1], which was recently assigned
> to openjpeg.
> Looking at the proposed patch (as the description is rather brief), it
> seems to me that it is a dup of one of the bugs covered by
> CVE-2013-1447.
You are correct, i just realised that this issue is already patched when
i looked at those issues.

> Quoting from my post to oss-security:
> > 5. null pointer dereferences, division by zero, and anything that
> would just fit as DoS (CVE-2013-1447)
>
> > [listing the group of issues and attachments]
> > 5.
> > [...]
> > segfault6.patch
>
> Which is exactly what is being commented about in [2], a copy of which
> is also available at [3].
>
> IIRC without that patch some of the structures were not initialized
> and applications (like the ones shipped by openjpeg itself) would try
> to dereference NULL pointers, and just crash - no memory write was
> involved.
>
> Or is there more into CVE-2014-0158 that I might be missing?

I dont agree with this being only a crash. I put some details at:
https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c1

Anyway, this CVE is a dupe, MITRE could you please reject this CVE?



-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team