oss-sec mailing list archives

Re: Re: Fuzzing jasper


From: Tomas Hoger <thoger () redhat com>
Date: Fri, 13 Jan 2017 15:04:47 +0100

On Sat, 22 Oct 2016 21:00:23 -0400 (EDT) cve-assign () mitre org wrote:

> https://github.com/mdadams/jasper/issues/28
> Heap overflow in jpc_dec_cp_setfromcox()
>
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 1
>
> malformed jpeg2000 file
>
> jpc_dec_cp_setfromcox ... libjasper/jpc/jpc_dec.c:1668:32
>
> Use CVE-2016-8880.
>
> https://github.com/mdadams/jasper/issues/29
> Heap overflow in jpc_getuint16()
>
> AddressSanitizer: heap-buffer-overflow
> WRITE of size 8
>
> jpc_getuint16 ... libjasper/jpc/jpc_cs.c:1572:8
>
> Use CVE-2016-8881.

Can the above two CVEs be rejected as duplicates of CVE-2011-4516 and
CVE-2011-4517 respectively?

https://github.com/mdadams/jasper/issues/28#issuecomment-267053875
https://github.com/mdadams/jasper/issues/29#issuecomment-267322934

Thank you!

-- 
Tomas Hoger / Red Hat Product Security

