Multiple issues in openjpeg2 were discovered by fuzzing. An attacker could create a malicious file that, when processed by openjpeg2 command line tools, could cause a crash or, potentially, code execution. See comment 4 for individual details.
Created mingw-openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1390235]
Created openjpeg2 tracking bugs for this issue: Affects: fedora-all [bug 1390234]
Created openjpeg2 tracking bugs for this issue: Affects: epel-all [bug 1381271]
Adding multiple other issues which received CVEs.

- CVE-2016-9113: NULL pointer dereference in function imagetobmp https://github.com/uclouvain/openjpeg/issues/856
- CVE-2016-9114: NULL pointer access in function imagetopnm https://github.com/uclouvain/openjpeg/issues/857
- CVE-2016-9115: Heap-buffer overflow in function imagetotga https://github.com/uclouvain/openjpeg/issues/858
- CVE-2016-9116: NULL pointer access in function imagetopnm https://github.com/uclouvain/openjpeg/issues/859
- CVE-2016-9117: NULL pointer access in function imagetopnm https://github.com/uclouvain/openjpeg/issues/860
- CVE-2016-9118: Heap-buffer overflow in function pnmtoimage https://github.com/uclouvain/openjpeg/issues/861
Some of these flaws may also affect openjpeg-1. Impact is mostly low:

- CVE-2016-9112 is a SIGFPE decoding crafted files
- all but CVE-2016-9112 only affect command-line tools, not openjpeg-libs
- CVE-2016-9115 and CVE-2016-9118 are heap buffer overflows
- the rest are NULL pointer exceptions which don't seem (so far) to have any further impact

No patches available upstream yet.
CVE-2016-9112 has been moved to bug 1418147, as it has different affects and impact than the rest of the flaws discussed here.