Bug 812317 (CVE-2009-5030) - CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2009-5030
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 812318 812319 831561 831562
Blocks: 812327
Reported: 2012-04-13 11:24 UTC by Jan Lieskovsky
Modified: 2019-09-29 12:52 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-07-11 17:02:51 UTC

Links
System ID Priority Status Summary Last Updated
Debian BTS 672455 None None None 2012-06-13 09:56:19 UTC
Red Hat Product Errata RHSA-2012:1068 normal SHIPPED_LIVE Important: openjpeg security update 2012-07-11 20:40:45 UTC

Description Jan Lieskovsky 2012-04-13 11:24:09 UTC
An out-of-bounds heap-based buffer read and write flaw, leading to an invalid free, was found in the way the tile coder / decoder (TCD) implementation of OpenJPEG, an open-source JPEG 2000 codec written in the C language, released previously allocated memory for the TCD encoder handle when processing certain Gray16 TIFF images. A remote attacker could provide a specially-crafted TIFF image file which, once converted into the JPEG 2000 file format with an application linked against OpenJPEG (such as 'image_to_j2k'), would lead to that application crashing or, potentially, arbitrary code execution with the privileges of the user running the application.

Upstream ticket:
http://code.google.com/p/openjpeg/issues/detail?id=5

Reproducer:
http://openjpeg.googlecode.com/issues/attachment?aid=-3765789821971534182&name=random.tif&token=yuNnyJfWKmzzoKRYSCAI763B8Dk%3A1334312139415

CVE Request:
http://www.openwall.com/lists/oss-security/2012/04/13/1

Comment 1 Jan Lieskovsky 2012-04-13 11:26:35 UTC
This issue affects the version of the openjpeg package, as shipped with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the openjpeg and mingw32-openjpeg packages, as shipped with Fedora releases 15 and 16. Please schedule an update once there is a final upstream patch available (there doesn't seem to be one as of right now).

Comment 3 Jan Lieskovsky 2012-04-13 11:29:18 UTC
Created openjpeg tracking bugs for this issue

Affects: fedora-all [bug 812318]

Comment 4 Jan Lieskovsky 2012-04-13 11:30:16 UTC
Created mingw32-openjpeg tracking bugs for this issue

Affects: fedora-all [bug 812319]

Comment 8 Kurt Seifried 2012-04-13 16:47:02 UTC
Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/13/5

Comment 9 Huzaifa S. Sidhpurwala 2012-06-13 09:58:07 UTC
Patch available at:

http://code.google.com/p/openjpeg/source/detail?r=1703

Comment 11 Fedora Update System 2012-06-28 03:21:08 UTC
openjpeg-1.4-13.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2012-06-28 03:53:34 UTC
openjpeg-1.4-13.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 errata-xmlrpc 2012-07-11 16:42:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1068 https://rhn.redhat.com/errata/RHSA-2012-1068.html