Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 16 Mar 2016 15:45:04 -0400 (EDT)
From: cve-assign@...re.org
To: winsonliu@...cent.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request - OpenJPEG : Heap Corruption in opj_free function

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> A specially crafted JPEG2000 image file can force Heap Corruption

> opj_decompress -o image.pgm -i heap_corruption.jp2

> double free or corruption (!prev)

> Program received signal SIGABRT, Aborted.

Use CVE-2016-3182.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW6bbKAAoJEL54rhJi8gl5cT0P/1zG9ClKvDPqrs3koMEs3sHB
d6DE0+J17YePaQQEKef5n+i1vuGtgxTg9FceCbK282Wbqh4Grrm0J/5fCtowO/VT
tvibyIcAFfoDIfWFKDNgl/Qcg5aadifGXnae9vR0gl/Zq64GjwW8TsJ7vfaehXDX
X75wcxVzEWblhIXM8hkN7uC2gr4y5BV1L0TNzxpqsgqhwZIC9cOgjJYwhDsIjYgf
3uFex3fnjaQIoCfOkaRVPCT5/bSKyEzVVGLUcXHlKqV+7YNLy89Gx+Fa6EV6s6Yp
aIB9nQw9pryJeQhgMYXA0ZOytPnzoB1imRyl0yxgYV/Y1AX5Iqkp6WJDhHnwQ7Iq
GOB7/HaHxBxz56foASSrqdO0AhyqSwaSnXdzFwPkrz+tD0coeakgTY5OqHYfyCOz
61+2x2wdZrQeaWB3DtEX7LaDdYrg0MkP5itZOaCjIS2yTjOlR2g2WThPVY6rYi+h
z1ET+0XJKiXpi1c3EeC2zbtbA83mxbSOM3ByZmcd9Itix6k6sHRgW8BP5o52VcjQ
B+or7PbrqSvcbykd5KGQ73OkOqF1CF8QGXLumw/0jJJQHjH9dypnvAOLdLmXdQWJ
vO3wGHYck2MV0JHHbwPt+3WMk3+4ARTB6+VASFL7mZcr+dQkNTkCA/32n/k2hDr/
nKUX80QMch2y3XOLq3nB
=t6zO
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.