Bug 1335483 (CVE-2016-4797) - CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c
Summary: CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-4797
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1335484 1335485 1335486
Blocks: 1335487
TreeView+ depends on / blocked
 
Reported: 2016-05-12 10:11 UTC by Adam Mariš
Modified: 2019-09-29 13:49 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-05-31 05:28:15 UTC


Attachments (Terms of Use)

Description Adam Mariš 2016-05-12 10:11:02 UTC
Divide by zero vulnerability was found in function opj_tcd_init_tile in tcd.c

Upstream patch:

https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c

CVE request:

http://seclists.org/oss-sec/2016/q2/327

Comment 1 Adam Mariš 2016-05-12 10:12:05 UTC
Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335485]

Comment 2 Adam Mariš 2016-05-12 10:12:10 UTC
Created openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335484]
Affects: epel-all [bug 1335486]

Comment 3 Andrej Nemec 2016-05-13 08:13:55 UTC
CVE assignment:

http://seclists.org/oss-sec/2016/q2/342

Note that the problematic "(OPJ_UINT32)-1) / l_data_size" was apparently introduced in a patch addressing out-of-bounds read (or heap-based buffer over-read) vulnerabilities. See the pdfium.googlesource.com reference in CVE-2014-7947. In other words, CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947.

Comment 4 Doran Moppert 2016-05-30 06:45:33 UTC
Versions of openjpeg in rhel are too old to be affected by this issue.

Comment 5 Fedora Update System 2016-07-14 14:51:50 UTC
openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-07-16 21:20:57 UTC
openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-07-18 18:26:51 UTC
mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2016-07-18 20:53:38 UTC
mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.