oss-sec mailing list archives
Re: Fuzzing jasper
From: cve-assign () mitre org
Date: Sat, 15 Oct 2016 23:02:29 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
AddressSanitizer: SEGV on unknown address 0x527ebf in bmp_getdata ... jasper-1.900.1/src/libjasper/bmp/bmp_dec.c:383:5 AddressSanitizer: SEGV on unknown address 0x528252 in bmp_getdata ... jasper-1.900.1/src/libjasper/bmp/bmp_dec.c:385:5
Use CVE-2016-8690 for both of these (the first and fifth items in the http://www.openwall.com/lists/oss-security/2016/08/23/6 post).
AddressSanitizer: FPE on unknown address 0x56de63 in jpc_dec_process_siz ... jasper-1.900.1/src/libjasper/jpc/jpc_dec.c:1195:17
Use CVE-2016-8691.
AddressSanitizer: FPE on unknown address 0x56dee3 in jpc_dec_process_siz ... jasper-1.900.1/src/libjasper/jpc/jpc_dec.c:1197:18
Use CVE-2016-8692.
AddressSanitizer: attempting double-free 0x51f8f8 in mem_close ... jasper-1.900.1/src/libjasper/base/jas_stream.c:1073:3
Use CVE-2016-8693. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYAu2GAAoJEHb/MwWLVhi2D2wQAI6W9/5UOJJD9vMc25GdYVGo Is0tX/21v2ibFpgyAAHBLaQd1ohNeu9U5Y6Nj9lAYAydmcoEZrXX9FxEMNp6XlI3 ybIDOapRLsjqLovdEzZUEnEDiHWAFS/t/p4hZv67PB7fHWKkeA3QhthSf3OlGVNm IDQX8jMzhb96ZLS9aq5Hlz28K2z2Bx9j08WXQ0Fkp2ksMOCdNF0QwRp1TuA7Ork8 gtxNSVS+r8oAwWBH9fdwU8d9rgBoh0nkMVt9PJex5Hd4ys8CrOS6gBBc9HqDcxdc bVdYRUuNbXJjZdlOcfQU37a6MyWJ0gCmCp6xs7u1joAnNmzT9C894xLInJFzx37n JVqNBMltWgkkp1ClyVIdkRJErif2JstRpL59JBaMXgSRD0ZCZRsMrehc6SobX0A1 iUGxdjG/jpP7c8ZPaC2SS/1y0cEpP7CsbDFliZaGxt6QcKOfNqs33L3DSuc7qn0d OJIH4GMNlZQFgf7+c67+ZSi86HVmTda9DJjm2a9uqU7tKKE/kJWC9OyWTef9K0aJ 1HAu1yNjgGmc/oIIMCk/8wNO4UqlHiXhcF/kjWUBc4/eTAPxYLHSH5703HTStaVU EN0ONeBMsfx6lhZgoJqDC+ItztjnDR90VGJyrH98XoEn+3KzjGkgEeaYv/N/mUfw Q/58lzCKYeVI4ovM1u+J =1lOZ -----END PGP SIGNATURE-----
Current thread:
- Re: Fuzzing jasper cve-assign (Oct 15)
- Re: Re: Fuzzing jasper Graham Christensen (Oct 16)
- Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
- Re: Re: Fuzzing jasper Hanno Böck (Oct 16)
- Re: Re: Fuzzing jasper Agostino Sarubbo (Oct 17)
- Re: Fuzzing jasper cve-assign (Oct 22)
- Re: Fuzzing jasper cve-assign (Oct 23)
- <Possible follow-ups>
- Re: Fuzzing jasper Agostino Sarubbo (Oct 16)
- Re: Re: Fuzzing jasper Graham Christensen (Oct 16)