Bug 1335483 – CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 1335483 - (CVE-2016-4797) CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c

Summary:	CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c

Status:	CLOSED NOTABUG

Aliases:	CVE-2016-4797

Product:	Security Response
Classification:	Other
Component:	vulnerability (Show other bugs)
Sub Component:
Version:	unspecified
Hardware:	All Linux

Priority	low Severity low
Target Milestone:	---
Target Release:	---
Assigned To:	Red Hat Product Security
QA Contact:
Docs Contact:

URL:
Whiteboard:	impact=low,public=20160328,reported=2...
Keywords:	Security

Depends On:	1335484 1335485 1335486
Blocks:	1335487
	Show dependency tree / graph

Reported:	2016-05-12 06:11 EDT by Adam Mariš
Modified:	2016-07-18 16:53 EDT (History)
CC List:	5 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-05-31 01:28:15 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Adam Mariš 2016-05-12 06:11:02 EDT

Divide by zero vulnerability was found in function opj_tcd_init_tile in tcd.c

Upstream patch:

https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c

CVE request:

http://seclists.org/oss-sec/2016/q2/327

Comment 1 Adam Mariš 2016-05-12 06:12:05 EDT

Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335485]

Comment 2 Adam Mariš 2016-05-12 06:12:10 EDT

Created openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335484]
Affects: epel-all [bug 1335486]

Comment 3 Andrej Nemec 2016-05-13 04:13:55 EDT

CVE assignment:

http://seclists.org/oss-sec/2016/q2/342

Note that the problematic "(OPJ_UINT32)-1) / l_data_size" was apparently introduced in a patch addressing out-of-bounds read (or heap-based buffer over-read) vulnerabilities. See the pdfium.googlesource.com reference in CVE-2014-7947. In other words, CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947.

Comment 4 Doran Moppert 2016-05-30 02:45:33 EDT

Versions of openjpeg in rhel are too old to be affected by this issue.

Comment 5 Fedora Update System 2016-07-14 10:51:50 EDT

openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-07-16 17:20:57 EDT

openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-07-18 14:26:51 EDT

mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2016-07-18 16:53:38 EDT

mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.