Bug 1390231 (CVE-2016-9113, CVE-2016-9114, CVE-2016-9115, CVE-2016-9116, CVE-2016-9117, CVE-2016-9118) - CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-2016-9118 openjpeg2: Multiple security issues
Summary: CVE-2016-9113 CVE-2016-9114 CVE-2016-9115 CVE-2016-9116 CVE-2016-9117 CVE-201...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2016-9113, CVE-2016-9114, CVE-2016-9115, CVE-2016-9116, CVE-2016-9117, CVE-2016-9118
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1381271 1390234 1390235
Blocks: 1374338
TreeView+ depends on / blocked
 
Reported: 2016-10-31 14:34 UTC by Andrej Nemec
Modified: 2019-09-29 13:59 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-01 03:09:03 UTC


Attachments (Terms of Use)

Description Andrej Nemec 2016-10-31 14:34:06 UTC
Multiple issues in openjpeg2 were discovered by fuzzing. An attacker could create a malicious file that, when processed by openjpeg2 command line tools, could cause a crash or, potentially, code execution.

See comment 4 for individual details.

Comment 1 Andrej Nemec 2016-10-31 14:34:42 UTC
Created mingw-openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1390235]

Comment 2 Andrej Nemec 2016-10-31 14:34:48 UTC
Created openjpeg2 tracking bugs for this issue:

Affects: fedora-all [bug 1390234]

Comment 3 Andrej Nemec 2016-10-31 14:35:25 UTC
Created openjpeg2 tracking bugs for this issue:

Affects: epel-all [bug 1381271]

Comment 4 Andrej Nemec 2016-10-31 15:33:03 UTC
Adding multiple other issues which received CVEs.

CVE-2016-9113: NULL pointer dereference in function imagetobmp

https://github.com/uclouvain/openjpeg/issues/856

CVE-2016-9114: NULL pointer access in function imagetopnm

https://github.com/uclouvain/openjpeg/issues/857

CVE-2016-9115: Heap-buffer overflow in function imagetotga

https://github.com/uclouvain/openjpeg/issues/858

CVE-2016-9116: NULL pointer access in function imagetopnm

https://github.com/uclouvain/openjpeg/issues/859

CVE-2016-9117: NULL pointer access in function imagetopnm

https://github.com/uclouvain/openjpeg/issues/860

CVE-2016-9118: Heap-buffer overflow in function pnmtoimage

https://github.com/uclouvain/openjpeg/issues/861

Comment 5 Doran Moppert 2016-12-09 05:56:37 UTC
Some of these flaws may also affect openjpeg-1.

Impact is mostly low:

 - CVE-2016-9112 is a SIGFPE decoding crafted files
 - all but CVE-2016-9112 only affect command-line tools, not openjpeg-libs
 - CVE-2016-9115 and CVE-2016-9118 are heap buffer overflows
 - the rest are NULL pointer exceptions which don't seem (so far) to have any further impact

No patches available upstream yet.

Comment 6 Doran Moppert 2017-02-01 02:32:45 UTC
CVE-2016-9112 has been moved to bug 1418147, as it has different affects and impact than the rest of the flaws discussed here.


Note You need to log in before you can comment on or make changes to this bug.