[Secure-testing-commits] r55156 - data/CVE

László Böszörményi gcs at moszumanska.debian.org
Mon Aug 28 15:21:29 UTC 2017


Author: gcs
Date: 2017-08-28 15:21:29 +0000 (Mon, 28 Aug 2017)
New Revision: 55156

Modified:
   data/CVE/list
Log:
Add new openjpeg2 issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-28 15:13:45 UTC (rev 55155)
+++ data/CVE/list	2017-08-28 15:21:29 UTC (rev 55156)
@@ -1,3 +1,15 @@
+CVE-2017-XXXX [stack-based buffer overflow write in pgxtoimage]
+	- openjpeg2 <unfixed>
+	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
+	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
+CVE-2017-XXXX [invalid memory write in tgatoimage]
+	- openjpeg2 <unfixed>
+	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
+	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
+CVE-2017-XXXX [heap-based buffer overflow in opj_t2_encode_packet]
+	- openjpeg2 <unfixed>
+	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
+	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
 CVE-2017-XXXX [memory allocation failure in MagickRealloc]
 	- graphicsmagick <unfixed>
 	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d




More information about the Secure-testing-commits mailing list