You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
we have detected that your project may be vulnerable to Out-of-bounds Write in the function of jpc_ppxstab_insert in the file of src/libjasper/jpc/jpc_dec.c . It shares similarities to a recent CVE disclosure CVE-2022-29776 in the https://github.com/ONLYOFFICE/core. The source vulnerability information is as follows:
Vulnerability Detail:
CVE Identifier: CVE-2022-29776
Description: Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-29776
Patch: ONLYOFFICE/core@88cf60a
Would you help to check if this bug is true? If it's true, I'd like to open a PR for that if necessary. Thank you for your effort and patience!
The text was updated successfully, but these errors were encountered:
@Crispy-fried-chicken: The Onlyoffice Document Server project needs to determine if the bug lies in JasPer or the Onlyoffice Document Server software. If I am understanding you correctly, you are only speculating that a bug might exist in JasPer, as it is also entirely possible that the bug is in the Onlyoffice Document Server software.
Hi,
we have detected that your project may be vulnerable to Out-of-bounds Write in the function of
jpc_ppxstab_insert
in the file ofsrc/libjasper/jpc/jpc_dec.c
. It shares similarities to a recent CVE disclosure CVE-2022-29776 in the https://github.com/ONLYOFFICE/core.The source vulnerability information is as follows:
Would you help to check if this bug is true? If it's true, I'd like to open a PR for that if necessary. Thank you for your effort and patience!
The text was updated successfully, but these errors were encountered: