[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Re: jasper: signed integer overflow in jas_image.c
From: <cve-assign () mitre ! org>
Date: 2016-11-23 0:15:59
Message-ID: d2bf58cac9ea4f93b050e6779b105caa () imshyb02 ! MITRE ! ORG
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
> the commit which fixes the issue is not a fix itself for the
> signed integer overflow, but changed a bit how, in jasper, the things work.
> jasper-1.900.17/src/libjasper/base/jas_image.c:162:49:
> runtime error: signed integer overflow: 8543608947741818625 * 15 cannot be
> represented in type 'long'
> https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
Use CVE-2016-9557 for the issues addressed by these
d42b2388f7f8e0332c846675133acea151fc557a changes:
Some problematic types like uchar, ulong, and friends have been replaced
with names with a jas_ prefix.
...
An option max_samples has been added to the BMP and JPEG decoders to
restrict the maximum size of image that they can decode. This change
was made as a (possibly temporary) fix to address security concerns.
...
Some new integer overflow checks were added.
...
Some new safe integer add/multiply functions were added.
(max_samples has a default of 64 Mb or 128 Mb in different parts of
the code.)
- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJYNN5mAAoJEHb/MwWLVhi2PqwP/RE8yNmQrXTrAhA7RpB9MxLv
AoBQfv6ap9aaF/K4UgMSLxny6eojVBkz6Ju0nlIfD8KGXQX3DvGCHdjPRFfi8vfe
5S63tmUz0me6PPfkoHnd8uro1z12St46TvMZQv4XeTi0U+FQWzQFtjBn7A7YLKdo
DAzZn/FXbB9s7RGXSY1A0O+0u0sxLN1pJeVODBDfcSyZarruYMQD1cAYtLGJsmD2
D61l6Xk9GcZabxAzhL6rHtQR2ZSxbjtDWfHrgui/retHALcIxSFlr5tLVC6h+4Av
NDfwOQuTlMh0aXb9AyCoGaXUt4N7dMLEO+uFoDNWoprPabA4QChaTUizr0QG2lIh
w8wnJ83veuhnp3FUNwtBjjwS4Cy8x0rqrWSFggFBKUzbvieQlOa8zbzhzM5ldMgy
ULzJ9eg+xNeVlAwp19YfNfEFif4LnkdHiybUIkwk8ErV49EgVeXKIc+XPYdgrjsK
CxdO783e4Putc1jjNNI869bbO2P2eOBUwTIcA2c55UceKsSTlMg/NLEbQsKXnMMF
liXpxyLf65Kc5lZBEzSCONBoz8h6Hb7Oq1kp2ekaUCjA8RJpunOobA2DGe5FIksh
4xXe/xan+GTLkOLbqoPg5tWSI0uSYvDV57bmQZPopqFbyKP4//3NZsHcS9NUWYFh
orerLmhz6lsZ4Ri5Q+8P
=Za2r
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic