A divide-by-zero vulnerability was found in the function opj_tcd_init_tile in tcd.c.
Upstream patch: https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
CVE request: http://seclists.org/oss-sec/2016/q2/327
Created mingw-openjpeg2 tracking bugs for this issue:
Affects: fedora-all [bug 1335485]
Created openjpeg2 tracking bugs for this issue:
Affects: fedora-all [bug 1335484]
Affects: epel-all [bug 1335486]
CVE assignment: http://seclists.org/oss-sec/2016/q2/342
Note that the problematic "(OPJ_UINT32)-1) / l_data_size" was apparently introduced in a patch addressing out-of-bounds read (or heap-based buffer over-read) vulnerabilities. See the pdfium.googlesource.com reference in CVE-2014-7947. In other words, CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947.
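The failure mode described in the comment above, as an added example that is not code from OpenJPEG or from this bug report: an overflow test that divides the maximum 32-bit value by one operand traps when that operand is zero, and the guarded form skips the division in that case. All function names here are hypothetical, and the tile bounds are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>

/* Shape of the expression quoted in the comment: ((uint32_t)-1) / size.
 * Shown for contrast only and never called: size == 0 divides by zero. */
int mul_overflows_unguarded(uint32_t size, uint32_t count)
{
    return (((uint32_t)-1) / size) < count;
}

/* Guarded form: a zero operand cannot overflow, so the division is skipped. */
int mul_overflows(uint32_t size, uint32_t count)
{
    return size != 0 && (((uint32_t)-1) / size) < count;
}

/* Bytes needed for a tile component of (x1-x0) by (y1-y0) samples.
 * Returns the size, or -1 on inverted bounds or 32-bit overflow. */
int64_t tile_data_size(int32_t x0, int32_t x1, int32_t y0, int32_t y1,
                       uint32_t elem_size)
{
    uint32_t w, h, area;

    if (x1 < x0 || y1 < y0)
        return -1;
    /* Unsigned subtraction gives the exact span even for negative x0/y0. */
    w = (uint32_t)x1 - (uint32_t)x0;
    h = (uint32_t)y1 - (uint32_t)y0;
    if (mul_overflows(w, h))
        return -1;
    area = w * h;
    if (mul_overflows(area, elem_size))
        return -1;
    return (int64_t)(area * elem_size);
}

int main(void)
{
    /* Constructed inputs: an empty tile, a normal tile, an overflowing one. */
    printf("%lld\n", (long long)tile_data_size(0, 0, 0, 16, 4));
    printf("%lld\n", (long long)tile_data_size(0, 64, 0, 32, 4));
    printf("%lld\n", (long long)tile_data_size(0, 65536, 0, 65536, 4));
    return 0;
}
```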
Versions of openjpeg in RHEL are too old to be affected by this issue.
openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.