oss-sec mailing list archives
Re: Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c)
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 17 Jan 2017 11:33:21 +0100
On Monday 16 January 2017 19:11:33 cve-assign () mitre org wrote:
[] https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas _matrix_asl-jas_seq-c AddressSanitizer: SEGV on unknown address The signal is caused by a READ memory access. jas_matrix_asl ... jasper-1.900.27/src/libjasper/base/jas_seq.c:376:11Use CVE-2017-5505. -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
The previous mail clearly state:
Timeline: 2016-11-20: bug discovered and reported to upstream
Why a CVE-2017-* ? -- Agostino
Current thread:
- jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo (Jan 16)
- Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) cve-assign (Jan 16)
- Re: Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) Agostino Sarubbo (Jan 17)
- Re: jasper: invalid memory read in jas_matrix_asl (jas_seq.c) cve-assign (Jan 16)