BF Specification of CVE-2015-5221 Use-after-free in JasPer JPEG-2000 before 1.900.2
//generated//
Erroneous Code (in 'mif_process_cmpt()') to Standard Library Deallocate (src/libjasper/mif/mif_cod.c) in leads to Dangling Pointer ('tvp'), which propagates to Dangling Pointer (in ‘xxx’) Direct Read Standard Library (xxx) in resulting in Use After Deallocate. If exploited, this can lead to DoS (availability loss).
vendor:product: fedoraproject:fedora


| Class | Definition |
| --- | --- |
| MMN | Memory Management (MMN) class – An object is allocated, deallocated, or resized improperly. |
| MUS | Memory Use (MUS) class – An object is initialized, read, written, or cleared improperly. |

| Operation | Definition |
| --- | --- |
| Deallocate | Deallocate operation – Release the allocated memory of an object. |
| Read | Read operation – Use the value of an object's data. |

| Cause/Consequence | Definition |
| --- | --- |
| Code Bug | Code Bug type – Defect in the implementation of the operation – proper operands over an improper operation. A first cause for the chain of weaknesses underlying a software security vulnerability. Must be fixed to resolve the vulnerability. |
| Erroneous Code | Erroneous Code bug – There is a coding error in the implementation of the operation. |
| Address Error/Fault | Address Fault/Error type – The object address in use is wrong. |
| Dangling Pointer | Dangling Pointer fault/error – Still holds the address of its successfully deallocated object (e.g., a pointer to a freed heap object, or one holding the address of a stack object that was returned by a function). |
| Memory Corruption/Disclosure Final Error | Memory Corruption/Disclosure exploitable error type – An exploitable or undefined system behavior caused by memory addressing, allocation, use, and deallocation bugs. |
| Use After Deallocate | Use After Deallocate (Use After Free/Return) exploitable error – An attempt to use (dereference, read, write, or clear) a deallocated object (e.g., a freed heap object: Use After Free) or an out-of-scope object (e.g., a stack object whose address was returned by a function: Use After Return). |

| Operation Attribute | Definition |
| --- | --- |
| Source Code | Source Code operation attribute type – Shows where the operation with the bug or a faulty operand is in the program – in what kind of software. |
| Standard Library | Standard Library operation attribute – The operation code is in the standard library for a particular programming language. |
| Mechanism | Mechanism operation attribute type – Shows how the buggy/faulty operation code is performed. |
| Direct | Direct operation attribute – The operation is on a particular object element. |

Operand Attribute | Definition |