oss-sec mailing list archives

Re: CVE Request : Use-after-free in openjpeg

From: Moritz Muehlenhoff <jmm () debian org>
Date: Thu, 12 May 2016 23:16:48 +0200

On Tue, Sep 15, 2015 at 05:33:55PM +0200, FEIST Josselin wrote:

Hi,

Use-after-free was found in openjpeg
(https://github.com/uclouvain/openjpeg). The vuln is fixed in version
2.1.1 and was located in opj_j2k_write_mco function. More details are
available here : https://github.com/uclouvain/openjpeg/issues/563.
Is it possible to get a CVE for this ?

Credit goes to the static analyzer Gueb.


Explicitly adding cve-assign to CC, this seems to have fallen through
the cracks.

Cheers,
        Moritz

Current thread:

Re: CVE Request : Use-after-free in openjpeg Moritz Muehlenhoff (May 12)
- <Possible follow-ups>
- Re: CVE Request : Use-after-free in openjpeg cve-assign (May 12)