oss-sec mailing list archives
Re: Stack smashing in libjpeg-turbo
From: cve-assign () mitre org
Date: Wed, 26 Nov 2014 02:48:14 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 I created a minimal test case in around 200 lines. It uses a file with the intercepted scanlines of the calls to jpeg_write_scanlines. Also the Exif marker is read from such a file. (And without this Exif marker the stack smash does not happen...)
Use CVE-2014-9092. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUdYGqAAoJEKllVAevmvmsA7QH/ijNNlUkWF2Vst56xw9AZNUN dYdTRNXISkzOotHcglCpOomIzjbTWy4ablsLxryr0kUc4ZjIc5RlZuCTKAaVJ+EC RgphhkmFHkKNqPSVMLtIOpP4ZX/0uPSKAMlzoXsRzRgmEBG6pnYnokJTa47sit26 iSpvAqXUNwJ/ZA14eUFMDdP6FbpOB4wmHS9h5nnUO7lzhmM/93XasD6WluBB0EBo F9xZ/a0pCfEV+9RwKMiGsr2w+nPYDzUWlnrNbVnw8ou9msI/tolGadUbbwCM1NY9 FiemAFw4ZRExQIjDKaubApDlNuYzckmDNvBWJkwdVIJvBvQqNPVmUMP4MefDGhw= =F4GF -----END PGP SIGNATURE-----
Current thread:
- Stack smashing in libjpeg-turbo Bastien ROUCARIES (Nov 06)
- Re: Stack smashing in libjpeg-turbo Michal Zalewski (Nov 06)
- Re: Stack smashing in libjpeg-turbo Michal Zalewski (Nov 06)
- Re: Stack smashing in libjpeg-turbo Bastien ROUCARIES (Nov 22)
- Re: Stack smashing in libjpeg-turbo cve-assign (Nov 25)
- Re: Stack smashing in libjpeg-turbo Michal Zalewski (Nov 06)