CVE-2016-9573 openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()

A heap buffer overflow flaw was found in the way openjpeg decompressed certain input images. Due to an insufficient check in the imagetopnm() function, an application using openjpeg to process image data could crash when processing a crafted image.

Upstream bug: https://github.com/uclouvain/openjpeg/issues/862

CVE-2016-9572 openjpeg: NULL pointer dereference in input decoding

A NULL pointer dereference flaw was found in the way openjpeg decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image.

Upstream bug: https://github.com/uclouvain/openjpeg/issues/863

Upstream patch: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d

Note that the above patch fixes two issues: CVE-2016-9573 as well as CVE-2016-9572.
It's great to have those bugs tracked here, but just FTR there are still dozens of unfixed security bugs that come from fuzzing.
Both issues were fixed in >=media-libs/openjpeg-2.2.0.
Stabilization will happen in bug 602180.
This issue was resolved and addressed in GLSA 201710-26 at https://security.gentoo.org/glsa/201710-26 by GLSA coordinator Aaron Bauman (b-man).