Bug 1381268 (CVE-2016-8332) - CVE-2016-8332 openjpeg2: JPEG2000 mcc record Code Execution Vulnerability
Summary: CVE-2016-8332 openjpeg2: JPEG2000 mcc record Code Execution Vulnerability
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-8332
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1381269 1381270 1381271 1381460
Blocks: 1374338
 
Reported: 2016-10-03 14:23 UTC by Andrej Nemec
Modified: 2021-02-17 03:14 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-12-09 05:36:19 UTC
Embargoed:



Description Andrej Nemec 2016-10-03 14:23:21 UTC
An exploitable code execution vulnerability exists in the JPEG2000 image file format parser as implemented in the OpenJPEG library. A specially crafted JPEG2000 file can cause an out-of-bounds heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious JPEG2000 file. The JPEG2000 image file format is mostly used for embedding images inside PDF documents, and the OpenJPEG library is used by a number of popular PDF renderers, making PDF documents a likely attack vector.

External References:

http://www.talosintelligence.com/reports/TALOS-2016-0193/

Comment 1 Andrej Nemec 2016-10-03 14:23:55 UTC
Created openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1381269]
Affects: fedora-all [bug 1381270]
Affects: epel-all [bug 1381271]

Comment 2 Andrej Nemec 2016-10-04 07:41:21 UTC
Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1381460]

Comment 3 Doran Moppert 2016-12-09 05:35:29 UTC
openjpeg-1 is not affected by this issue, as it does not attempt to parse MCC records.

