oss-security - Re: CVE Request : Use-after-free in openjpeg

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-Id: <20160513031601.D166C72E017@smtpvbsrv1.mitre.org>
Date: Thu, 12 May 2016 23:16:01 -0400 (EDT)
From: cve-assign@...re.org
To: jmm@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request : Use-after-free in openjpeg

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> Use-after-free was found in openjpeg
> (https://github.com/uclouvain/openjpeg). The vuln is fixed in version
> 2.1.1 and was located in opj_j2k_write_mco function. More details are
> available here : https://github.com/uclouvain/openjpeg/issues/563.
> Is it possible to get a CVE for this ?

>> https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
>> j2k.c

Use CVE-2015-8871.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXNUZ9AAoJEHb/MwWLVhi2kZcP/iL6ppset8OqSb3ZD3OWUjaF
JarptdmZEX7Ay6Kzt9BBfYqAhR+Nz3xIpQa+vvNDnvP+ITZ2m9J7zVbTd5iIRAkw
FXe+6zhXwAGzjHCuFOVeDPZXyfB8v4tNCFNon4cpz0p+CDnJavo0ZQlsS4S8U8FN
CbnuJUuz1EfbvGtG3GNh2yfdQCK9xX/qzdm+3TjM9FK+THqe3BvIBQ3PK+kEbcgv
95kSt9rothzIdnE9llyosB5oQeaqgBPbksQUc1WB4OGz3H1aazjcSsGp+54bSaUu
AgHyF1fRjiR0M771ouRMHo+Ug+0mvbWZiFpwPlzVGV2dPb4YLQpWvZVaOENwdcb9
RWISBA1NcgbTWPBCJoLt7mgXOlHhm5qBkFXqwpO6ZfQDDoVlPHanp1MQ2CRur87r
Z9FeRrYUuwH80ndtexD5zMCKnVup+tP6XXudeZJ1FmG394+7du/JnBznohBiPXTh
K40wRp9mMjsv/jgDoS9Xg6+VzFVHHMvQ8m1KDJacmexHoLHubeAYc32RAJfAZMnC
P1w3rSV32K6RKGIUnyINAgmzenrbuRxg96Ghq52djEvW2K9PyHFx26F4rlLnOPro
M4ErrCfvcYNPuyX0vK2zvbzTFRPx5yt6WjAJ4P704fIEUqaDUSWdrYY6/exiN0Kp
j4XA4VMjVHcbfrPwEW8t
=s3Bf
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.