Updated openjpeg2 packages fix security vulnerabilities
Publication date: 03 Nov 2016
Modification date: 03 Nov 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-3181, CVE-2016-3182, CVE-2016-3183, CVE-2016-4796, CVE-2016-4797, CVE-2016-5157, CVE-2016-7163, CVE-2016-7445, CVE-2016-8332
Description
A specially crafted JPEG2000 image file can force an out-of-bounds read in
opj_tcd_free_tile() (CVE-2016-3181).
A specially crafted JPEG2000 image file can force heap corruption in
opj_free() (CVE-2016-3182).
A specially crafted JPEG2000 image file can force an out-of-bounds read in
sycc422_to_rgb() (CVE-2016-3183).
Heap buffer overflow in the color_cmyk_to_rgb() function in color.c in
OpenJPEG (CVE-2016-4796).
Division by zero in the opj_tcd_init_tile() function in tcd.c in
OpenJPEG (CVE-2016-4797).
Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c
in OpenJPEG allows remote attackers to execute arbitrary code via
crafted coordinate values in JPEG 2000 data (CVE-2016-5157).
Integer overflow in the opj_pi_create_decode function in pi.c in
OpenJPEG allows remote attackers to execute arbitrary code via a crafted
JP2 file, which triggers an out-of-bounds read or write (CVE-2016-7163).
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a
denial of service (NULL pointer dereference and application crash) via
vectors involving the variable s (CVE-2016-7445).
A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when
parsing a crafted image. An exploitable code execution vulnerability
exists in the JPEG2000 image file format parser as implemented in the
OpenJPEG library. A specially crafted JPEG2000 file can cause an
out-of-bounds heap write, resulting in heap corruption that leads to
arbitrary code execution (CVE-2016-8332).
References
- https://bugs.mageia.org/show_bug.cgi?id=17536
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/
- https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md
- https://www.debian.org/security/2016/dsa-3665
- https://lists.opensuse.org/opensuse-updates/2016-09/msg00109.html
- http://www.talosintelligence.com/reports/TALOS-2016-0193/
- http://www.openjpeg.org/2016/09/28/OpenJPEG-2.1.2-released
- https://github.com/uclouvain/openjpeg/blob/openjpeg-2.1/CHANGELOG.md
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3181
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3182
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3183
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5157
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7163
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7445
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8332
SRPMS
5/core
- openjpeg2-2.1.2-1.mga5
- ghostscript-9.14-3.2.mga5