[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: Heap-based buffer overflow in openjpeg
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-08-27 6:31:37
Message-ID: 503B1449.2060808 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/27/2012 12:19 AM, Huzaifa Sidhpurwala wrote:
> Hi Folks,
> 
> I discovered a heap-based buffer-overflow in openjpeg, when
> decoding JPEG200 images. More details at:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=842918 
> http://code.google.com/p/openjpeg/issues/detail?id=170
> 
> This seems to affect versions 1.3 , upto the latest release 
> version.
> 
> Upstream is currently working on the fix.
> 
> Can a CVE id be please assigned to this flaw?

Please use CVE-2012-3535 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQOxRJAAoJEBYNRVNeJnmTfdsP/i8ksY0ZJjMbGf+deF6vJ+3d
NLzLLhZZVJZrqeuVJN6IL+94x24OTOMbnZHVkC3aQzl7K0ucM5pblTA7hOcOI1cw
T2Yy9+Yr7K8zZ8c3GJIZ5TH3PsYHMdtm5FGAUPIg2h+dOWIVvm9xD8ldus0qXt5C
paPWCmq9ZrQPnrOPqDB7KyklRPnS16mYK8hzL3tpkSD2FwjBDxqXDLvC8cHHIu/5
znZUl4tVt8tHGwAHxBjeNRZ7h8no+Sq2mcfVRGCCCQhO/YRRnCGllbHIAfMb+LeT
M+Ylw8MewFGcA+MBV4ju0KtDbT3W7626+H349xJoyJnPpjF6atfZsnBNzWVYa+t0
S2Okgnun6TBzhmbDGr9HyTTF1G59pIC3/OpTU8XAHLsZctBwTonD1Zv9+Lo0ZV12
6P5rrPXAI5GvdeV9okhTF6LAY5JyrUCuLNo4eWsJ/gWo24kYvvXBDsT0ZIPCW9Y2
fg6ZMBpQo1q3b9c5pr4QvRhRXgqvWfbiL36Vj+zMk2oP0bgA/NuOrGeAuXmpqUQ9
KCxU2rkBGGr4bJEGQxe7e3uyelgiU9rxyH3ygDrJhm/+E/wGraPmOPNxs0jTwF9n
DREFBeZ4ZbL+UQYsTzQou9RRjmkt4Ptw1I7nc6u05lK6nDEJv8Ev3fjPubRk75HQ
Cfv+kRwwgfFR4x9bbymu
=4189
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]