oss-sec mailing list archives
Re: CVE Request - OpenJPEG: Security Fixes
From: cve-assign () mitre org
Date: Thu, 12 May 2016 23:53:59 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
1. Issue 774 OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c Fixed via https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91
Use CVE-2016-4796.
3. Issue 733 OpenJPEG division-by-zero in function opj_tcd_init_tile of tcd.c Fixed via https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
Use CVE-2016-4797. Note that the problematic "(OPJ_UINT32)-1) / l_data_size" was apparently introduced in a patch addressing out-of-bounds read (or heap-based buffer over-read) vulnerabilities. See the pdfium.googlesource.com reference in CVE-2014-7947. In other words, CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXNU9PAAoJEHb/MwWLVhi28X4QAIGR60vQpZzIhEywfDxkjIBR dSoym8oeHcYmXJ3ss2YRbh7+SWIstc3gu9cM3BXTuvyIQqsjN0uMf4/GOYanYUe4 5BtBptTnJlZW+mR+SfZ3Q/ykY3ysTgQMx93114gSj+5+JPS22rb3SM9PiaofeMgh 1NMGfI91bpp/KotoChumac2ySmA6ozyPXitOhBcu/fYipJAAnymxg0msmXqemjY8 HC9yjamL5RxvNSl8ljJsB67A7HJ9tvW8zvDUv6w6Q7s6LvbnCdQKJi62gj8/s+u4 bPP5KlfFdqDSVmQuMbhFwC+g1LfH5wPzjeKo9B2HFZnXPU/MMlHiTLM+Sw2ZPaAK y1iZiHJWgoVcgEWRDmBim698GqITbkvkIuIhr/Wwr5JG9VogTmwkEyoHsSUpvybh 0xtT9po9hyWpli0pzCrEVMOEhg3IIa8l2HY7QK0QwpQgIiOS5FqoDQGx+rE257zX ycEjCotU9ut0x9NvuoEZ4Vcij9uuN4LOq936TwbDCL7Mrl2+/sKzUggl9NdiwLOz zulrm15VG76PcyrdlBxg5Mz+T3jKnGeASvuIFGvFNAqgDbo1a9aNPsqZqt9PQGms tYOD46BI1j04y0lO0+0kzuKM6KQD2I5P481mlxwNkpak8ZbYh2nk+v+sbtE6mQh/ f76PMrF6mhLea5mECvFK =0Yri -----END PGP SIGNATURE-----
Current thread:
- CVE Request - OpenJPEG: Security Fixes 刘科 (May 11)
- Re: CVE Request - OpenJPEG: Security Fixes Moritz Muehlenhoff (May 12)
- Re: CVE Request - OpenJPEG: Security Fixes cve-assign (May 12)
- <Possible follow-ups>
- Re: Re: CVE Request - OpenJPEG: Security Fixes WinsonLiu (May 12)