Message-ID: <CAA7hUgE_sQ+Sxq8OHhi-_iO3yN9xF1bnxvEESszmp4PknPn3Dg@mail.gmail.com>
Date: Wed, 2 Apr 2014 11:15:30 +0200
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: Information on CVE-2014-0158, openjpeg

On 2 April 2014 11:02, Huzaifa Sidhpurwala <huzaifas@...hat.com> wrote:
> On 04/02/2014 02:01 PM, Raphael Geissert wrote:
[...]
>> IIRC without that patch some of the structures were not initialized
>> and applications (like the ones shipped by openjpeg itself) would try
>> to dereference NULL pointers, and just crash - no memory write was
>> involved.
>>
>> Or is there more into CVE-2014-0158 that I might be missing?
>
> I don't agree with this being only a crash. I put some details at:
> https://bugzilla.redhat.com/show_bug.cgi?id=1082925#c1

I do agree with the overall explanation but from that point on I don't
think there is anything in openjpeg that would lead to a heap write
before triggering a null pointer dereference or an OOB heap read. IIRC
the latter was fixed in general by segfault4.patch, which ensures
that all allocated heap memory is initialized.

> Anyway, this CVE is a dupe, MITRE could you please reject this CVE?

Well, depending on the above this specific bug might be split off
CVE-2013-1447 - the original id covered bugs that could only be
classified as leading to denial of service, nothing more.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
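The thread turns on one property: a structure allocated on the heap whose pointer and count fields are left indeterminate will, when dereferenced later, either crash on a NULL pointer or read beyond a buffer, and zero-initialising every allocation (the behaviour the mail attributes to segfault4.patch) removes that class of bug. The following C example is added here to illustrate that pattern; it is not openjpeg's code or the patch itself. The `tile_t` structure and the `tile_*` functions are hypothetical, standing in for any decoder state with pointer fields that are filled in lazily.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical decoder state (not openjpeg's): a lazily-filled buffer of
 * coefficients plus its length. If this were malloc()'d and the fields were
 * never set, coeffs and ncoeffs would hold whatever the allocator left behind. */
typedef struct {
    int *coeffs;     /* heap buffer of decoded coefficients, or NULL */
    size_t ncoeffs;  /* number of valid entries in coeffs */
} tile_t;

/* Allocate a tile with every field in a defined state. calloc() zeroes the
 * block, so coeffs is NULL and ncoeffs is 0: a later access can detect the
 * "not yet allocated" case instead of dereferencing garbage. */
tile_t *tile_new(void)
{
    return calloc(1, sizeof(tile_t));
}

/* Attach a zero-initialised coefficient buffer of n entries.
 * Returns 0 on success, -1 on bad arguments or allocation failure. */
int tile_alloc_coeffs(tile_t *t, size_t n)
{
    if (t == NULL || n == 0 || n > SIZE_MAX / sizeof(int))
        return -1;
    int *buf = calloc(n, sizeof(int));
    if (buf == NULL)
        return -1;
    free(t->coeffs);          /* replace any previous buffer */
    t->coeffs = buf;
    t->ncoeffs = n;
    return 0;
}

/* Store v at index i; -1 if the buffer is absent or i is out of range. */
int tile_set(tile_t *t, size_t i, int v)
{
    if (t == NULL || t->coeffs == NULL || i >= t->ncoeffs)
        return -1;
    t->coeffs[i] = v;
    return 0;
}

/* Read index i into *out. Returns -1 where uninitialised state would have
 * meant a NULL dereference (no buffer) or an out-of-bounds heap read
 * (i >= ncoeffs); the count is trustworthy only because it was zeroed. */
int tile_get(const tile_t *t, size_t i, int *out)
{
    if (t == NULL || t->coeffs == NULL || i >= t->ncoeffs)
        return -1;
    *out = t->coeffs[i];
    return 0;
}

void tile_free(tile_t *t)
{
    if (t == NULL)
        return;
    free(t->coeffs);
    free(t);
}

/* 1 if a freshly allocated tile reports "no buffer" rather than reading
 * through an indeterminate pointer. */
int demo_fresh_tile_rejects_read(void)
{
    tile_t *t = tile_new();
    int v = 0;
    int ok = (t != NULL && t->coeffs == NULL && t->ncoeffs == 0 &&
              tile_get(t, 0, &v) == -1);
    tile_free(t);
    return ok;
}

/* 1 if in-range reads return the stored value and an index equal to the
 * length is refused instead of reading one past the allocation. */
int demo_bounds_checked(void)
{
    tile_t *t = tile_new();
    int v = 0;
    int ok = (t != NULL && tile_alloc_coeffs(t, 4) == 0 &&
              tile_get(t, 0, &v) == 0 && v == 0 &&      /* calloc'd buffer */
              tile_set(t, 3, 42) == 0 &&
              tile_get(t, 3, &v) == 0 && v == 42 &&
              tile_get(t, 4, &v) == -1);                /* one past the end */
    tile_free(t);
    return ok;
}

int main(void)
{
    printf("fresh tile rejects read: %d\n", demo_fresh_tile_rejects_read());
    printf("bounds checked:          %d\n", demo_bounds_checked());
    return 0;
}
```

The point of using `calloc()` for both the structure and its buffer is that every field starts in a state the accessors can reason about; with `malloc()` the same `t->coeffs == NULL` and `i >= t->ncoeffs` checks would be comparing against indeterminate values, which is exactly why the original reports ranged from a plain crash to an out-of-bounds read depending on what the allocator happened to return.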