Bug 1056621 - (CVE-2017-14040) VUL-0: CVE-2017-14040: openjpeg2: An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified o
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 42.2
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/191292/
CVSSv2:SUSE:CVE-2017-14040:4.3:(AV:N/...
Blocks: 1057435
Reported: 2017-08-31 12:21 UTC by Marcus Meissner
Modified: 2017-10-11 06:42 UTC (History)
Found By: Security Response Team

Attachments
00326-openjpeg-invalidwrite-tgatoimage.tga (100 bytes, application/octet-stream)
2017-08-31 12:23 UTC, Marcus Meissner
openjpeg2-CVE-2017-14040.patch (2.43 KB, patch)
2017-09-12 20:33 UTC, Hans Petter Jansson

Description Marcus Meissner 2017-08-31 12:21:32 UTC
CVE-2017-14040

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG
2.2.0, triggering a crash in the tgatoimage function. The vulnerability
may lead to remote denial of service or possibly unspecified other
impact.

https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
https://github.com/uclouvain/openjpeg/issues/995
Comment 1 Marcus Meissner 2017-08-31 12:23:26 UTC
Created attachment 739006
00326-openjpeg-invalidwrite-tgatoimage.tga

QA REPRODUCER:

opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i 00326-openjpeg-invalidwrite-tgatoimage.tga -o null.j2k

should not crash
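
Added example, not part of the original bug report: a small POSIX shell harness around the reproducer above that tells a clean exit apart from a signal death and, when valgrind is installed, from a reported memory error (an invalid write does not always crash an uninstrumented build). The function names, the USE_VALGRIND switch and the marker exit code 99 are assumptions of this example.

```shell
#!/bin/sh
# Added example: regression check for the CVE-2017-14040 QA reproducer.
# Assumes opj_compress is in PATH and the attached TGA file is in the
# current directory. valgrind is optional.

VG_EXIT=99              # constructed marker passed to valgrind --error-exitcode

# classify_status STATUS
#   crash        : process died from a signal (shell reports 128 + signal number)
#   memory-error : valgrind reported an invalid access
#   ok           : normal exit, including a clean rejection of the input file
classify_status() {
    if [ "$1" -gt 128 ]; then
        echo crash
    elif [ "$1" -eq "$VG_EXIT" ]; then
        echo memory-error
    else
        echo ok
    fi
}

# run_reproducer CMD [ARGS...]
#   Runs CMD (under valgrind when available and USE_VALGRIND is not 0)
#   and prints the classification of its exit status.
run_reproducer() {
    status=0
    if [ "${USE_VALGRIND:-1}" = 1 ] && command -v valgrind >/dev/null 2>&1; then
        valgrind -q --error-exitcode="$VG_EXIT" "$@" >/dev/null 2>&1 || status=$?
    else
        "$@" >/dev/null 2>&1 || status=$?
    fi
    classify_status "$status"
}

# The exact command line from the QA reproducer in this comment.
check_cve_2017_14040() {
    run_reproducer opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 \
        -i 00326-openjpeg-invalidwrite-tgatoimage.tga -o null.j2k
}
```

Call check_cve_2017_14040 in the directory holding the attachment; any result other than "ok" means the installed package still mishandles the file.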
Comment 2 Marcus Meissner 2017-08-31 12:24:31 UTC
I could not get it to crash on Leap or Factory. Assuming not affected.
Comment 3 Hans Petter Jansson 2017-09-12 19:41:36 UTC
Based on upstream fix and code inspection, SLE, Leap and TW are all affected.
Comment 4 Hans Petter Jansson 2017-09-12 20:33:29 UTC
Created attachment 740414
openjpeg2-CVE-2017-14040.patch
Comment 5 Bernhard Wiedemann 2017-09-12 22:01:22 UTC
This is an autogenerated message for OBS integration:
This bug (1056621) was mentioned in
https://build.opensuse.org/request/show/523821 42.3 / openjpeg2
https://build.opensuse.org/request/show/523822 42.2 / openjpeg2
Comment 7 Swamp Workflow Management 2017-10-05 10:09:38 UTC
SUSE-SU-2017:2649-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056421,1056562,1056621,1056622,1057511
CVE References: CVE-2016-10507,CVE-2017-14039,CVE-2017-14040,CVE-2017-14041,CVE-2017-14164
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    openjpeg2-2.1.0-4.6.1
SUSE Linux Enterprise Server 12-SP3 (src):    openjpeg2-2.1.0-4.6.1
SUSE Linux Enterprise Server 12-SP2 (src):    openjpeg2-2.1.0-4.6.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    openjpeg2-2.1.0-4.6.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    openjpeg2-2.1.0-4.6.1
Comment 8 Andreas Stieger 2017-10-10 07:18:29 UTC
releasing for Leap, done
Comment 9 Swamp Workflow Management 2017-10-10 13:07:48 UTC
openSUSE-SU-2017:2685-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056421,1056562,1056621,1056622,1057511
CVE References: CVE-2016-10507,CVE-2017-14039,CVE-2017-14040,CVE-2017-14041,CVE-2017-14164
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    openjpeg2-2.1.0-8.1, openjpeg2-2.1.0-9.1
Comment 10 Swamp Workflow Management 2017-10-10 13:08:41 UTC
openSUSE-SU-2017:2686-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1056421,1056562,1056621,1056622,1057511
CVE References: CVE-2016-10507,CVE-2017-14039,CVE-2017-14040,CVE-2017-14041,CVE-2017-14164
Sources used:
openSUSE Leap 42.3 (src):    openjpeg2-2.1.0-19.1
openSUSE Leap 42.2 (src):    openjpeg2-2.1.0-13.6.1