Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 629372 (CVE-2016-10504, CVE-2016-10505, CVE-2016-10506, CVE-2016-10507) - <media-libs/openjpeg-2.2.0: multiple denial of service (CVE-2016-{10504,10505,10506,10507})
Summary: <media-libs/openjpeg-2.2.0: multiple denial of service (CVE-2016-{10504,10505...
Status: RESOLVED FIXED
Alias: CVE-2016-10504, CVE-2016-10505, CVE-2016-10506, CVE-2016-10507
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve]
Keywords:
Depends on: CVE-2016-1626, CVE-2016-1628, CVE-2016-9112
Blocks:
  Show dependency tree
 
Reported: 2017-08-30 12:13 UTC by Aleksandr Wagner (Kivak)
Modified: 2017-10-23 01:40 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-08-30 12:13:18 UTC
CVE-2016-10504 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10504):

Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file. 

References:

https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
https://github.com/uclouvain/openjpeg/issues/835

CVE-2016-10505 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10505):

NULL pointer dereference vulnerabilities in the imagetopnm function in convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb function in color.c, and sycc422_to_rgb function in color.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. 

References:

https://github.com/uclouvain/openjpeg/issues/776
https://github.com/uclouvain/openjpeg/issues/784
https://github.com/uclouvain/openjpeg/issues/785
https://github.com/uclouvain/openjpeg/issues/792

CVE-2016-10506 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10506):

Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. 

References:

https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
https://github.com/uclouvain/openjpeg/issues/731
https://github.com/uclouvain/openjpeg/issues/732
https://github.com/uclouvain/openjpeg/issues/777
https://github.com/uclouvain/openjpeg/issues/778
https://github.com/uclouvain/openjpeg/issues/779
https://github.com/uclouvain/openjpeg/issues/780

CVE-2016-10507 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10507):

Integer overflow vulnerability in the bmp24toimage function in convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file. 

References:

https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8
https://github.com/uclouvain/openjpeg/issues/833
Comment 1 Aleksandr Wagner (Kivak) 2017-08-30 12:14:01 UTC
Stabilization will happen in bug 602180.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 01:40:14 UTC
This issue was resolved and addressed in
 GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26
by GLSA coordinator Aaron Bauman (b-man).