Vulnerability roundup 53: openjpeg-2.3.0: 1 advisory #51100

ckauhaus · 2018-11-27T08:10:21Z

Scanned versions: nixos-unstable: 80738ed; nixos-18.09: 5d4a1a3. May contain false positives.

The text was updated successfully, but these errors were encountered:

ckauhaus · 2018-11-27T08:11:08Z

See also #49788: CVE-2018-16376 for which no fix was available. Needs review.

periklis · 2018-11-27T09:36:22Z

For CVE-2018-18088 a possible fix is merged in openjpeg's master: uclouvain/openjpeg#1160

periklis · 2018-11-27T09:46:16Z

i will create a PR for the diff

ckauhaus · 2018-11-27T10:59:21Z

I wonder that uclouvain/openjpeg#1160 says something about CVE-2017-17480 not 18088... possible mistake?

periklis · 2018-11-27T12:23:16Z

Actually it is the linked issue in NVD

periklis · 2018-11-27T12:24:07Z

and it seems to solve the issue for the red null dereference in imagetopnm

Ekleog · 2018-12-08T12:06:04Z

This should have been fixed by #51104.

c0bw3b added the 1.severity: security Issues which raise a security issue, or PRs that fix one label Nov 27, 2018

periklis mentioned this issue Nov 27, 2018

openjpeg: fix for CVE-2018-18088 #51104

Closed

10 tasks

Ekleog closed this as completed Dec 8, 2018

ckauhaus mentioned this issue Feb 7, 2019

Vulnerability roundup 61: openjpeg-2.3.0: 1 advisory #55389

Closed

1 task

Provide feedback