Bug 646774 (CVE-2018-5727, CVE-2018-5785, CVE-2018-6616) - <media-libs/openjpeg-2.3.1: Multiple vulnerabilities
Summary: <media-libs/openjpeg-2.3.1: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-5727, CVE-2018-5785, CVE-2018-6616
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2017-17479, CVE-2017-17480
Reported: 2018-02-06 14:51 UTC by GLSAMaker/CVETool Bot
Modified: 2019-08-11 21:55 UTC

See Also:
Package list:
media-libs/openjpeg-2.3.1
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-06 14:51:21 UTC
CVE-2018-6616 (https://nvd.nist.gov/vuln/detail/CVE-2018-6616):
  In OpenJPEG 2.3.0, there is excessive iteration in the opj_t1_encode_cblks
  function of openjp2/t1.c. Remote attackers could leverage this vulnerability
  to cause a denial of service via a crafted bmp file.

CVE-2018-5785 (https://nvd.nist.gov/vuln/detail/CVE-2018-5785):
  In OpenJPEG 2.3.0, there is an integer overflow caused by an out-of-bounds
  left shift in the opj_j2k_setup_encoder function (openjp2/j2k.c). Remote
  attackers could leverage this vulnerability to cause a denial of service via
  a crafted bmp file.

CVE-2018-5727 (https://nvd.nist.gov/vuln/detail/CVE-2018-5727):
  In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the
  opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage
  this vulnerability to cause a denial of service via a crafted bmp file.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-06-10 19:51:25 UTC
x86 stable
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-06-11 02:23:24 UTC
arm64 stable
Comment 3 Rolf Eike Beer archtester 2019-06-12 05:24:16 UTC
sparc stable
Comment 4 Markus Meier gentoo-dev 2019-06-13 04:25:58 UTC
arm stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-06-13 14:12:23 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-06-13 14:17:53 UTC
s390 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-06-13 14:19:12 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-06-13 14:31:25 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2019-06-13 14:52:41 UTC
ia64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2019-06-14 09:00:27 UTC
alpha stable
Comment 11 Rolf Eike Beer archtester 2019-07-05 16:59:30 UTC
hppa stable
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2019-08-02 00:20:19 UTC
@maintainer(s), please clean 2.3.0-r1