oss-sec mailing list archives

CVE-2016-9580 CVE-2016-9581 openjpeg2: heap buffer overflows


From: Adam Maris <amaris () redhat com>
Date: Fri, 09 Dec 2016 16:44:17 +0100

Hello,

We've assigned CVEs for the following issues:

 https://github.com/uclouvain/openjpeg/issues/871

CVE-2016-9580 integer overflow in tiftoimage resulting in heap buffer
overflow

 https://github.com/uclouvain/openjpeg/issues/872

CVE-2016-9581 infinite loop in tiftoimage resulting in heap buffer
overflow in convert_32s_C1P1

Both were fixed by
https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255

Regards,

-- 
Adam Mariš, Red Hat Product Security
1CCD 3446 0529 81E3 86AF  2D4C 4869 76E7 BEF0 6BC2 

