93978

https://github.com/uclouvain/openjpeg/issues/855

[debian-lts-announce] 20190710 [SECURITY] [DLA 1851-1] openjpeg2 security update

GLSA-201710-26

Two security vulnerabilities were discovered in openjpeg2, a JPEG 2000 image library.

CVE-2016-9112

A floating point exception or divide by zero in the function opj_pi_next_cprl may lead to a denial of service.

CVE-2018-20847

An improper computation of values in the function opj_get_encoding_parameters can lead to an integer overflow. This issue was partly fixed by the patch for CVE-2015-1239.

For Debian 8 'Jessie', these problems have been fixed in version 2.1.0-2+deb8u7.

We recommend that you upgrade your openjpeg2 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201710-26 (OpenJPEG: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in OpenJPEG. Please review       the references below for details.
  Impact :

    A remote attacker, via a crafted BMP, PDF, or j2k document, could       execute arbitrary code, cause a Denial of Service condition, or have       other unspecified impacts.
  Workaround :

    There is no known workaround at this time.

Update to version 2.2.0, see https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md for details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for openjpeg2 fixes the following issues :

  - CVE-2016-9572 CVE-2016-9573: Insuficient check in     imagetopnm() could lead to heap buffer overflow     [bsc#1014543]

  - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer     overflow via integer overflow and infite loop     [bsc#1014975]

  - CVE-2016-7445: NULL pointer dereference in convert.c     could lead to crash [bsc#999817]

  - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000     format could lead to code execution [bsc#1002414]

  - CVE-2016-9112: FPE(Floating Point Exception) in     lib/openjp2/pi.c:523 [bsc#1007747]

  - CVE-2016-9113: NULL point dereference in function     imagetobmp of convertbmp.c could lead to crash     [bsc#1007739]

  - CVE-2016-9114: NULL pointer Access in function     imagetopnm of convert.c:1943(jp2) could lead to crash     [bsc#1007740]

  - CVE-2016-9115: Heap Buffer Overflow in function     imagetotga of convert.c(jp2) [bsc#1007741]

  - CVE-2016-9116: NULL pointer Access in function     imagetopnm of convert.c:2226(jp2) [bsc#1007742]

  - CVE-2016-9117: NULL pointer Access in function     imagetopnm of convert.c(jp2):1289 [bsc#1007743]

  - CVE-2016-9118: Heap Buffer Overflow in function     pnmtoimage of convert.c [bsc#1007744]

This update for openjpeg2 fixes the following issues :

  - CVE-2016-9114: NULL pointer Access in function     imagetopnm of convert.c:1943(jp2) could lead to crash     [bsc#1007740]

  - CVE-2016-9115: Heap Buffer Overflow in function     imagetotga of convert.c(jp2) [bsc#1007741]

  - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer     overflow via integer overflow and infite loop     [bsc#1014975]

  - CVE-2016-9117: NULL pointer Access in function     imagetopnm of convert.c(jp2):1289 [bsc#1007743]

  - CVE-2016-9118: Heap Buffer Overflow in function     pnmtoimage of convert.c [bsc#1007744] 

  - CVE-2016-9112: FPE(Floating Point Exception) in     lib/openjp2/pi.c:523 [bsc#1007747] 

  - CVE-2016-9116: NULL pointer Access in function     imagetopnm of convert.c:2226(jp2) [bsc#1007742]

  - CVE-2016-9113: NULL point dereference in function     imagetobmp of convertbmp.c could lead to crash     [bsc#1007739] 

  - CVE-2016-9572 CVE-2016-9573: Insuficient check in     imagetopnm() could lead to heap buffer overflow     [bsc#1014543]

  - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000     format could lead to code execution [bsc#1002414] 

  - CVE-2016-7445: NULL pointer dereference in convert.c     could lead to crash [bsc#999817] 

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for openjpeg2 fixes the following issues :

  - CVE-2016-9114: NULL pointer Access in function     imagetopnm of convert.c:1943(jp2) could lead to crash     [bsc#1007740]

  - CVE-2016-9115: Heap Buffer Overflow in function     imagetotga of convert.c(jp2) [bsc#1007741]

  - CVE-2016-9580, CVE-2016-9581: Possible Heap buffer     overflow via integer overflow and infite loop     [bsc#1014975]

  - CVE-2016-9117: NULL pointer Access in function     imagetopnm of convert.c(jp2):1289 [bsc#1007743]

  - CVE-2016-9118: Heap Buffer Overflow in function     pnmtoimage of convert.c [bsc#1007744]

  - CVE-2016-9112: FPE(Floating Point Exception) in     lib/openjp2/pi.c:523 [bsc#1007747]

  - CVE-2016-9116: NULL pointer Access in function     imagetopnm of convert.c:2226(jp2) [bsc#1007742]

  - CVE-2016-9113: NULL point dereference in function     imagetobmp of convertbmp.c could lead to crash     [bsc#1007739]

  - CVE-2016-9572 CVE-2016-9573: Insuficient check in     imagetopnm() could lead to heap buffer overflow     [bsc#1014543]

  - CVE-2016-8332: Malicious file in OpenJPEG JPEG2000     format could lead to code execution [bsc#1002414]

  - CVE-2016-7445: NULL pointer dereference in convert.c     could lead to crash [bsc#999817]

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
126607	Debian DLA-1851-1 : openjpeg2 security update	Nessus	Debian Local Security Checks	medium
104069	GLSA-201710-26 : OpenJPEG: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
102611	Fedora 25 : mingw-openjpeg2 (2017-f6e3215f2b)	Nessus	Fedora Local Security Checks	medium
102459	Fedora 26 : openjpeg2 (2017-920b27e8f4)	Nessus	Fedora Local Security Checks	medium
96646	openSUSE Security Update : openjpeg2 (openSUSE-2017-120)	Nessus	SuSE Local Security Checks	medium
96580	openSUSE Security Update : openjpeg2 (openSUSE-2017-108)	Nessus	SuSE Local Security Checks	medium
96577	openSUSE Security Update : openjpeg2 (openSUSE-2017-101)	Nessus	SuSE Local Security Checks	medium
96147	SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2016:3270-1)	Nessus	SuSE Local Security Checks	medium

CVE-2016-9112

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins