Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1335482 - (CVE-2016-4796) CVE-2016-4796 openjpeg: Heap buffer overflow in function color_cmyk_to_rgb in color.c
CVE-2016-4796 openjpeg: Heap buffer overflow in function color_cmyk_to_rgb in...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20160506,reported=2...
: Security
Depends On: 1335484 1335485 1335486
Blocks: 1335487
  Show dependency treegraph
 
Reported: 2016-05-12 06:06 EDT by Adam Mariš
Modified: 2016-07-18 16:53 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-31 01:28:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Adam Mariš 2016-05-12 06:06:49 EDT 
A heap buffer overflow in function color_cmyk_to_rgb in color.c.

Upstream patch:

https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91

CVE request:

http://seclists.org/oss-sec/2016/q2/327
Comment 1 Adam Mariš 2016-05-12 06:11:53 EDT 
Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335485]
Comment 2 Adam Mariš 2016-05-12 06:11:59 EDT 
Created openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335484]
Affects: epel-all [bug 1335486]
Comment 3 Andrej Nemec 2016-05-13 04:15:17 EDT 
CVE assignment:

http://seclists.org/oss-sec/2016/q2/342
Comment 4 Doran Moppert 2016-05-30 02:45:47 EDT 
Versions of openjpeg in rhel are too old to be affected by this issue.
Comment 5 Doran Moppert 2016-05-30 21:55:13 EDT 
Adjusted cvss2 score.  The overflow area is written with data computed using an OOB read and then manipulated through colourspace conversion (i goes out of bounds in the below loop), so successfully achieving C/I compromise is high complexity.

https://github.com/uclouvain/openjpeg/blob/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91/src/bin/common/color.c#L874-L892

NVD gives this a much higher score, but I don't think that's reasonable in this case:

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4796

CIA=PPP and AC=M to reflect that DoS is low complexity, but C/I is high.
Comment 6 Fedora Update System 2016-07-14 10:51:55 EDT 
openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2016-07-16 17:21:02 EDT 
openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2016-07-18 14:26:56 EDT 
mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2016-07-18 16:53:43 EDT 
mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.