[Secure-testing-commits] r46276 - data/CVE

Thu Nov 17 12:09:20 UTC 2016

Author: carnil
Date: 2016-11-17 12:09:20 +0000 (Thu, 17 Nov 2016)
New Revision: 46276

Modified:
   data/CVE/list
Log:
Add last round of CVEs for jasper

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2016-11-17 12:05:35 UTC (rev 46275)
+++ data/CVE/list	2016-11-17 12:09:20 UTC (rev 46276)
@@ -1,7 +1,24 @@
+CVE-2016-9399 [jpc_dec.c:1650: void calcstepsizes(uint_fast16_t, int, uint_fast16_t *): Assertion `!((expn + (numrlvls - 1) - (numrlvls - 1 - ((bandno > 0) ? ((bandno + 2) / 3) : (0)))) & (~0x1f))' failed.]
+	- jasper <removed> (unimportant)
+	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
+	NOTE: Negligable security impact
+CVE-2016-9398 [jpc_math.c:94: int jpc_floorlog2(int): Assertion `x > 0' failed.]
+	- jasper <removed> (unimportant)
+	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2
+	NOTE: Negligable security impact
+CVE-2016-9397 [jpc_dec.c:1817: void jpc_dequantize(jas_matrix_t *, jpc_fix_t): Assertion `absstepsize >= 0' failed.]
+	- jasper <removed> (unimportant)
+	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
+	NOTE: Negligable security impact
+CVE-2016-9396 [jpc_t1cod.c:144: int JPC_NOMINALGAIN(int, int, int, int): Assertion `qmfbid == 0x01' failed.]
+	- jasper <removed> (unimportant)
+	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
+	NOTE: Negligable security impact
 CVE-2016-9395 [jas_seq.c:90: jas_matrix_t *jas_seq2d_create(int, int, int, int): Assertion `xstart <= xend && ystart <= yend' failed.]
-	- jasper <removed>
+	- jasper <removed> (unimportant)
 	NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
 	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t
+	NOTE: Negligable security impact
 CVE-2016-9394
 	- jasper <removed> (unimportant)
 	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330


