1335483 – (CVE-2016-4797) CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c

Bug 1335483 (CVE-2016-4797) - CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c

Summary: CVE-2016-4797 openjpeg: Division-by-zero in function opj_tcd_init_tile in tcd.c

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2016-4797
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1335484 1335485 1335486
Blocks:	1335487
TreeView+	depends on / blocked

Reported:	2016-05-12 10:11 UTC by Adam Mariš
Modified:	2019-09-29 13:49 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-05-31 05:28:15 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2016-05-12 10:11:02 UTC

Divide by zero vulnerability was found in function opj_tcd_init_tile in tcd.c

Upstream patch:

https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c

CVE request:

http://seclists.org/oss-sec/2016/q2/327

Comment 1 Adam Mariš 2016-05-12 10:12:05 UTC

Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335485]

Comment 2 Adam Mariš 2016-05-12 10:12:10 UTC

Created openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1335484]
Affects: epel-all [bug 1335486]

Comment 3 Andrej Nemec 2016-05-13 08:13:55 UTC

CVE assignment:

http://seclists.org/oss-sec/2016/q2/342

Note that the problematic "(OPJ_UINT32)-1) / l_data_size" was apparently introduced in a patch addressing out-of-bounds read (or heap-based buffer over-read) vulnerabilities. See the pdfium.googlesource.com reference in CVE-2014-7947. In other words, CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947.

Comment 4 Doran Moppert 2016-05-30 06:45:33 UTC

Versions of openjpeg in rhel are too old to be affected by this issue.

Comment 5 Fedora Update System 2016-07-14 14:51:50 UTC

openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-07-16 21:20:57 UTC

openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2016-07-18 18:26:51 UTC

mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2016-07-18 20:53:38 UTC

mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.