
Bug 606618 (CVE-2016-9572, CVE-2016-9573)

Summary: <media-libs/openjpeg-2.2.0: Two flaws in the way openjpeg decompresses certain input images (CVE-2016-{9572,9573})
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: graphics+disabled, slawomir.nizio
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa cve]
Package list:
=media-libs/openjpeg-2.2.0
Runtime testing required: ---
Bug Depends on: 602180    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-20 15:58:35 UTC
CVE-2016-9573 openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()

A heap buffer overflow flaw was found in the way openjpeg decompressed certain input images. Due to an insufficient check in the imagetopnm() function, an application using openjpeg to process image data could crash when processing a crafted image.

Upstream bug:

https://github.com/uclouvain/openjpeg/issues/862


CVE-2016-9572 openjpeg: NULL pointer dereference in input decoding

A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. 

Upstream bug:

https://github.com/uclouvain/openjpeg/issues/863

Upstream patch:

https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d

Note that the above patch fixes two issues: CVE-2016-9573 as well as CVE-2016-9572.
Comment 1 Agostino Sarubbo gentoo-dev 2017-01-21 16:15:57 UTC
It's great to have those bugs tracked here, but just FTR there are still dozens of unfixed security bugs that come from fuzzing.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-20 18:22:32 UTC
Both issues were fixed in >=media-libs/openjpeg-2.2.0.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-08-20 18:48:35 UTC
Stabilization will happen in bug 602180.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 01:39:57 UTC
This issue was resolved and addressed in
 GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26
by GLSA coordinator Aaron Bauman (b-man).