CVE Request : Use-after-free in openjpeg

[FEIST Josselin <josselin.feist () gmail com>]

Hi,

Use-after-free was found in openjpeg
(https://github.com/uclouvain/openjpeg). The vuln is fixed in version
2.1.1 and was located in opj_j2k_write_mco function. More details are
available here : https://github.com/uclouvain/openjpeg/issues/563.
Is it possible to get a CVE for this ?

Credit goes to the static analyzer Gueb.

Best regards,
Feist Josselin
/
//Timeline ://
//14 August : use-after-free found and reported  //
//6 September : use-after-free fixed/