
Bug 646774 (CVE-2018-5727, CVE-2018-5785, CVE-2018-6616)

Summary: <media-libs/openjpeg-2.3.1: Multiple vulnerabilities
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: graphics, herrtimson
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa cve]
Package list: media-libs/openjpeg-2.3.1
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 640534

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-06 14:51:21 UTC
CVE-2018-6616 (https://nvd.nist.gov/vuln/detail/CVE-2018-6616):
  In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks
  function of openjp2/t1.c. Remote attackers could leverage this vulnerability
  to cause a denial of service via a crafted bmp file.

CVE-2018-5785 (https://nvd.nist.gov/vuln/detail/CVE-2018-5785):
  In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds
  left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote
  attackers could leverage this vulnerability to cause a denial of service via
  a crafted bmp file.

CVE-2018-5727 (https://nvd.nist.gov/vuln/detail/CVE-2018-5727):
  In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the
  opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage
  this vulnerability to cause a denial of service via a crafted bmp file.
Comment 1 Thomas Deutschmann gentoo-dev Security 2019-06-10 19:51:25 UTC
x86 stable
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-06-11 02:23:24 UTC
arm64 stable
Comment 3 Rolf Eike Beer 2019-06-12 05:24:16 UTC
sparc stable
Comment 4 Markus Meier gentoo-dev 2019-06-13 04:25:58 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-06-13 14:12:23 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-06-13 14:17:53 UTC
s390 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-06-13 14:19:12 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-06-13 14:31:25 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-06-13 14:52:41 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2019-06-14 09:00:27 UTC
alpha stable
Comment 11 Rolf Eike Beer 2019-07-05 16:59:30 UTC
hppa stable
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-08-02 00:20:19 UTC
@maintainer(s), please clean 2.3.0-r1