Home page logo

oss-sec logo oss-sec mailing list archives

Re: libfpx Duplicate CVEs (CVE-2011-5232 and CVE-2012-0025)
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Fri, 2 Nov 2012 13:31:27 -0400 (EDT)


Agree with this duplicate, too.

Keep CVE-2012-0025 and REJECT CVE-2011-5232.


On Tue, 30 Oct 2012, Sean Amoss wrote:

Steve, MITRE, vendors:

Another possible duplicate CVE assignment below :D

CVE-2011-5232 - Double free vulnerability in the Free_All_Memory
function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the
FlashPix PlugIn for IrfanView, allows remote attackers to cause
a denial of service (crash) via a crafted FPX image.


References to http://secunia.com/advisories/47246


CVE-2012-0025 - libfpx "Free_All_Memory()" Double-Free Vulnerability

CVE Assignment: http://www.openwall.com/lists/oss-security/2012/01/03/16

References https://secunia.com/advisories/47246 in assignment above


Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail    : ackle () gentoo org
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]