oss-sec mailing list archives
Re: Re: Fuzzing jasper
From: Tomas Hoger <thoger () redhat com>
Date: Fri, 13 Jan 2017 15:04:47 +0100
On Sat, 22 Oct 2016 21:00:23 -0400 (EDT) cve-assign () mitre org wrote:
https://github.com/mdadams/jasper/issues/28 Heap overflow in jpc_dec_cp_setfromcox()AddressSanitizer: heap-buffer-overflow WRITE of size 1malformed jpeg2000 filejpc_dec_cp_setfromcox ... libjasper/jpc/jpc_dec.c:1668:32Use CVE-2016-8880.https://github.com/mdadams/jasper/issues/29 Heap overflow in jpc_getuint16()AddressSanitizer: heap-buffer-overflow WRITE of size 8jpc_getuint16 ... libjasper/jpc/jpc_cs.c:1572:8Use CVE-2016-8881.
Can the above two CVEs be rejected as duplicates of CVE-2011-4516 and CVE-2011-4517 respectively? https://github.com/mdadams/jasper/issues/28#issuecomment-267053875 https://github.com/mdadams/jasper/issues/29#issuecomment-267322934 Thank you! -- Tomas Hoger / Red Hat Product Security
Current thread:
- Re: Re: Fuzzing jasper Tomas Hoger (Jan 13)