oss-sec mailing list archives
Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690)
From: cve-assign () mitre org
Date: Sat, 22 Oct 2016 21:02:46 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
AddressSanitizer: SEGV on unknown address 0x000000000000 0x7f90527a18fd in bmp_getdata ... jasper-1.900.5/src/libjasper/bmp/bmp_dec.c:394:5
Use CVE-2016-8884.
AddressSanitizer: SEGV on unknown address 0x000000000000 0x7f888b2f5a43 in bmp_getdata ... jasper-1.900.5/src/libjasper/bmp/bmp_dec.c:398:5
Use CVE-2016-8885. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYDAr0AAoJEHb/MwWLVhi2WH0P/i6yUAGi6CE1rRZQ+qXQbA03 SNbVOIpbLyceSU4JOM0IL6LjTNUyM3MMwaOt14br8cm4TBuiBbJXK36fLuZyVaBY zC037f4NsnDhekzA34pnodMTZDOk/VpNARXr9OM8fvCDfou1idGoSuXuyb3OG/V+ clbafuDXOT5yqGmDRDmzGX9NeGqbIMjdn3wra1fqeFDXwWOpWMqL+WhnxxVOyIXW G5Yh1VZmyGYa8otw56CPll9lZtovv46nyOT4XKgOpvjBWqLkVRVlwon1+AXVUKT4 ZFeL7QrElFSnQccCxKrmjTk2LVsbU5GE+W9enbnxM4KNVffgQF8XVIJq7PUsbBR8 bSlSumZCmw8lZPuNZjE35Vne5pMpg3PZgMFLq2eMOgdp07uOF7cQCh1/17pzrKmE s0DUOIvfXQ2ojKikI41wrdC6L6MAs5ZTw3UdgGKdn6hxDmdotUAeujuRNu/Sd1zV L7ut/q7Vvh4J89Cy2WWglcNEtlqgObVpq+N6QWau9GvK3fq4gNC4xDQB+tREy2Xb n/zO16iTGTdvBvnyTgmRFIIYf94YG7heoYyUZnyoVawXWo+d4hy8fKT5Eges8d2v AiUh2lPmySXhIQ8vQmSq5qw31cdGWaV+49yBrhxRv1uM/kCeRzh3zwr+UdSyzpsF xIsmVdtbbQn29X5zyq8n =+kLm -----END PGP SIGNATURE-----
Current thread:
- jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) Agostino Sarubbo (Oct 18)
- Re: jasper: two NULL pointer dereference in bmp_getdata (bmp_dec.c) (Incomplete fix for CVE-2016-8690) cve-assign (Oct 22)