A heap buffer overflow in function color_cmyk_to_rgb in color.c.
Upstream patch: https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91
CVE request: http://seclists.org/oss-sec/2016/q2/327
Created mingw-openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1335485]
Created openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1335484] Affects: epel-all [bug 1335486]
CVE assignment: http://seclists.org/oss-sec/2016/q2/342
Versions of openjpeg in RHEL are too old to be affected by this issue.
Adjusted CVSS2 score. The overflow area is written with data computed using an OOB read and then manipulated through colourspace conversion (i goes out of bounds in the below loop), so successfully achieving C/I compromise is high complexity.
https://github.com/uclouvain/openjpeg/blob/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91/src/bin/common/color.c#L874-L892
NVD gives this a much higher score, but I don't think that's reasonable in this case: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4796
CIA=PPP and AC=M to reflect that DoS is low complexity, but C/I is high.
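A simplified model of the consistency check a CMYK-to-RGB loop needs before it indexes four component planes with one counter, as an added example (not OpenJPEG's code and not the upstream patch). The types and function names are hypothetical, and it assumes the out-of-bounds index arises when the planes differ in size.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified stand-ins for a decoded image and its planes. */
typedef struct { unsigned w, h, dx, dy; int *data; } comp_t;
typedef struct { unsigned numcomps; comp_t comps[4]; } image_t;

/* Returns 1 if one loop index is valid for all four planes, else 0. */
static int cmyk_planes_consistent(const image_t *im)
{
    if (im->numcomps < 4) return 0;
    for (unsigned c = 0; c < 4; c++) {
        const comp_t *p = &im->comps[c], *p0 = &im->comps[0];
        if (!p->data || p->w != p0->w || p->h != p0->h) return 0;
        if (p->dx != p0->dx || p->dy != p0->dy) return 0;
    }
    return 1;
}

/* In-place 8-bit CMYK -> RGB; returns 0 on success, -1 if the image is rejected. */
int cmyk_to_rgb_checked(image_t *im)
{
    if (!cmyk_planes_consistent(im)) return -1;
    size_t max = (size_t)im->comps[0].w * im->comps[0].h;
    for (size_t i = 0; i < max; i++) {
        /* Invert K once, then invert and scale each of C, M, Y by it. */
        float k = 1.0f - im->comps[3].data[i] / 255.0f;
        for (unsigned c = 0; c < 3; c++)
            im->comps[c].data[i] = (int)(255.0f * (1.0f - im->comps[c].data[i] / 255.0f) * k);
    }
    return 0;
}

/* Constructed input: 2x2 zeroed C, M, Y planes and a kw x kh zeroed K plane.
   Returns the first red sample after conversion, or -1 if rejected. */
int demo(unsigned kw, unsigned kh)
{
    image_t im = { 4, {{0}} };
    for (unsigned c = 0; c < 4; c++) {
        comp_t p = { c == 3 ? kw : 2, c == 3 ? kh : 2, 1, 1, NULL };
        p.data = calloc((size_t)p.w * p.h, sizeof(int));
        im.comps[c] = p;
    }
    int r = cmyk_to_rgb_checked(&im) == 0 ? im.comps[0].data[0] : -1;
    for (unsigned c = 0; c < 4; c++) free(im.comps[c].data);
    return r;
}

int main(void) { printf("%d %d\n", demo(2, 2), demo(1, 1)); return 0; }
```

Rejecting the image before the loop means a short plane is never read past its allocation, so no out-of-bounds value reaches the conversion or the write.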
openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg2-2.1.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
mingw-openjpeg2-2.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.