{ "schema_version": "1.7.0", "id": "MGASA-2016-0362", "published": "2016-11-03T09:02:50Z", "modified": "2016-11-03T08:52:43Z", "summary": "Updated openjpeg2 packages fix security vulnerabilities", "details": "A specially crafted JPEG2000 image file can force Out-Of-Bounds Read in\nopj_tcd_free_tile() (CVE-2016-3181).\n\nA specially crafted JPEG2000 image file can force Heap Corruption in\nopj_free() (CVE-2016-3182).\n\nA specially crafted JPEG2000 image file can force Out-Of-Bounds Read in\nsycc422_to_rgb() (CVE-2016-3183).\n\nOpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb() in color.c\n(CVE-2016-4796).\n\nOpenJPEG division-by-zero in function opj_tcd_init_tile() in tcd.c\n(CVE-2016-4797).\n\nHeap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c\nin OpenJPEG allows remote attackers to execute arbitrary code via\ncrafted coordinate values in JPEG 2000 data (CVE-2016-5157).\n\nInteger overflow in the opj_pi_create_decode function in pi.c in\nOpenJPEG allows remote attackers to execute arbitrary code via a crafted\nJP2 file, which triggers an out-of-bounds read or write (CVE-2016-7163).\n\nconvert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a\ndenial of service (NULL pointer dereference and application crash) via\nvectors involving the variable s (CVE-2016-7445).\n\nA buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when\nparsing a crafted image. An exploitable code execution vulnerability\nexists in the jpeg2000 image file format parser as implemented in the\nOpenJpeg library. A specially crafted jpeg2000 file can cause an out of\nbound heap write resulting in heap corruption leading to arbitrary code\nexecution (CVE-2016-8332).\n", "upstream": [ "CVE-2016-3181", "CVE-2016-3182", "CVE-2016-3183", "CVE-2016-4796", "CVE-2016-4797", "CVE-2016-5157", "CVE-2016-7163", "CVE-2016-7445", "CVE-2016-8332" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2016-0362.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=17536" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/" }, { "type": "WEB", "url": "https://github.com/uclouvain/openjpeg/blob/master/CHANGELOG.md" }, { "type": "WEB", "url": "https://www.debian.org/security/2016/dsa-3665" }, { "type": "WEB", "url": "https://lists.opensuse.org/opensuse-updates/2016-09/msg00109.html" }, { "type": "WEB", "url": "http://www.talosintelligence.com/reports/TALOS-2016-0193/" }, { "type": "WEB", "url": "http://www.openjpeg.org/2016/09/28/OpenJPEG-2.1.2-released" }, { "type": "WEB", "url": "https://github.com/uclouvain/openjpeg/blob/openjpeg-2.1/CHANGELOG.md" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "openjpeg2", "purl": "pkg:rpm/mageia/openjpeg2?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.1.2-1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:5", "name": "ghostscript", "purl": "pkg:rpm/mageia/ghostscript?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "9.14-3.2.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }