[Secure-testing-commits] r55156 - data/CVE
László Böszörményi
gcs at moszumanska.debian.org
Mon Aug 28 15:21:29 UTC 2017
Author: gcs
Date: 2017-08-28 15:21:29 +0000 (Mon, 28 Aug 2017)
New Revision: 55156
Modified:
data/CVE/list
Log:
Add new openjpeg2 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-28 15:13:45 UTC (rev 55155)
+++ data/CVE/list 2017-08-28 15:21:29 UTC (rev 55156)
@@ -1,3 +1,15 @@
+CVE-2017-XXXX [stack-based buffer overflow write in pgxtoimage]
+ - openjpeg2 <unfixed>
+ NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
+ NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
+CVE-2017-XXXX [invalid memory write in tgatoimage]
+ - openjpeg2 <unfixed>
+ NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
+ NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
+CVE-2017-XXXX [heap-based buffer overflow in opj_t2_encode_packet]
+ - openjpeg2 <unfixed>
+ NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
+ NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
CVE-2017-XXXX [memory allocation failure in MagickRealloc]
- graphicsmagick <unfixed>
NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
More information about the Secure-testing-commits
mailing list