oss-sec mailing list archives
Re: Re: jasper: multiple crashes with UBSAN
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 17 Jan 2017 11:30:36 +0100
On Monday 16 January 2017 19:06:47 cve-assign () mitre org wrote:
http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/

[] jasper-1.900.17/src/libjasper/include/jasper/jas_math.h:156:11 runtime error: left shift of negative value -185

Use CVE-2017-5498.

[] jasper-1.900.17/src/libjasper/jpc/jpc_dec.c:1838:9 runtime error: signed integer overflow: -64356352 * 6359082673847140352 cannot be represented in type 'long'

Use CVE-2017-5499.

[] jasper-1.900.17/src/libjasper/jpc/jpc_dec.c:1819:40 runtime error: shift exponent 117 is too large for 64-bit type 'jpc_fix_t' (aka 'long')

Use CVE-2017-5500.

[] jasper-1.900.17/src/libjasper/jpc/jpc_tsfb.c:233:35 runtime error: signed integer overflow: 2013306369 + 251691968 cannot be represented in type 'int'

Use CVE-2017-5501.

[] jasper-1.900.17/src/libjasper/jp2/jp2_dec.c:485:49 runtime error: left shift of negative value -26

Use CVE-2017-5502.

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]

The previous mail clearly states:

Timeline:
2016-10-28: bug discovered and reported to upstream

Why CVE-2017-*?

--
Agostino