Bug 1335482 (CVE-2016-4796)
| Summary: | CVE-2016-4796 openjpeg: Heap buffer overflow in function color_cmyk_to_rgb in color.c | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Adam Mariš <amaris> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | dmoppert, hobbes1069, manisandro, phracek, slawomir |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-05-31 05:28:04 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1335484, 1335485, 1335486 | | |
| Bug Blocks: | 1335487 | | |
Description
Adam Mariš
2016-05-12 10:06:49 UTC
Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335485]

Created openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335484]

Affects: epel-all [bug 1335486]

CVE assignment:

http://seclists.org/oss-sec/2016/q2/342

Versions of openjpeg in rhel are too old to be affected by this issue.

Adjusted cvss2 score. The overflow area is written with data computed using an OOB read and then manipulated through colourspace conversion (i goes out of bounds in the below loop), so successfully achieving C/I compromise is high complexity.

https://github.com/uclouvain/openjpeg/blob/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91/src/bin/common/color.c#L874-L892

NVD gives this a much higher score, but I don't think that's reasonable in this case:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4796

CIA=PPP and AC=M to reflect that DoS is low complexity, but C/I is high.

openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.