BF Specification of CVE-2015-5221 Use-after-free in JasPer JPEG-2000 before 1.900.2
//generated//
Erroneous Code (in 'mif_process_cmpt()') to Standard Library Deallocate (src/libjasper/mif/mif_cod.c) in leads to Dangling Pointer ('tvp'), which propagates to Dangling Pointer (in ‘xxx’) Direct Read Standard Library (xxx) in resulting in Use After Deallocate. If exploited this can lead to DOS (availability loss).
| Class | Definition |
|---|---|
| MMN | Memory Management (MMN) class – An object is allocated, resized, or deallocated improperly. |
| MUS | Memory Use (MUS) class – An object is initialized, read, written, or cleared improperly. |

| Operation | Definition |
|---|---|
| Deallocate | Deallocate operation – Release the allocated memory of an object. |
| Read | Read operation – Retrieve the data value of an object from memory. |

| Cause/Consequence | Definition |
|---|---|
| Code Bug | Code Bug type – An error in the implementation of an operation – proper operands over an improper operation. It is the root cause of a security vulnerability. Must be fixed to resolve the vulnerability. |
| Erroneous Code | Erroneous Code bug – There is a coding error in the implementation of the operation. |
| Address Error/Fault | Address Fault/Error type – The address of an object is wrong. |
| Dangling Pointer | Dangling Pointer fault/error – Still holds the address of its successfully deallocated object (e.g., a pointer to a freed heap object or address of a stack object returned by a function). |
| Memory Corruption/Disclosure Final Error | Memory Corruption/Disclosure final error type – An exploitable or undefined system behavior caused by memory addressing, allocation, use, or deallocation bugs. |
| Use After Deallocate | Use After Deallocate (use after free or use after return) final error – An attempt to use (dereference, read, write, or clear) a deallocated object (e.g., via a pointer to a freed or reallocated heap object -- use after free) or out of scope object (e.g., via a pointer to a stack object returned by a function -- use after return). |

| Operation Attribute | Definition |
|---|---|
| Source Code | Source Code operation attribute type – Shows where the code of the operation with a bug or faulty operand resides within the software, firmware, or hardware. |
| Standard Library | Standard Library operation attribute – The operation code is in the standard library for a particular programming language. |
| Mechanism | Mechanism operation attribute type – Shows how the operation with a bug or faulty operand is performed. |
| Direct | Direct operation attribute – The operation is on a particular object element. |

| Operand Attribute | Definition |
|---|---|