Bug 757260 - VUL-0: openjpeg: heap corruption
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium, Normal
Assigned To: Asterios Dramis
Reported: 2012-04-16 06:57 UTC by Sebastian Krahmer
Modified: 2012-07-04 05:51 UTC

Description Sebastian Krahmer 2012-04-16 06:57:38 UTC
Via oss-sec:

Date: Fri, 13 Apr 2012 12:59:59 +0530
From: Huzaifa Sidhpurwala
To: oss-security


Hi All,

While looking at openjpeg, I found the following bug in their tracker,
which still seems to be un-addressed.
http://code.google.com/p/openjpeg/issues/detail?id=5

I don't think a CVE id has been assigned to this issue yet.
Comment 1 Sebastian Krahmer 2012-04-16 06:58:41 UTC
Via oss-sec:


Yes, doesn't look so one got assigned for this one yet, since:
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=openjpeg

provides just recent CVE-2012-1499. To the:

http://code.google.com/p/openjpeg/issues/detail?id=5

issue itself:

1) It should get a CVE-2009-* identifier (upstream
ticket is public from 2009-Jul-31).

2) From the issue reasons investigation, it seems to
be combination of heap-based buffer invalid reads and
writes by processing certain Gray16 TIFF images, leading
to invalid free (when such corrupted memory allocated
for tile encoder / decoder handle (TCD) is attempted
to be freed).

More official description in Red Hat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=812317

Kurt, could you allocate a 2009 CVE id?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Comment 2 Sebastian Krahmer 2012-04-16 06:59:23 UTC
CVE-2009-5030
Comment 3 Swamp Workflow Management 2012-04-16 22:00:22 UTC
bugbot adjusting priority
Comment 5 Asterios Dramis 2012-06-27 18:31:32 UTC
A patch has been submitted upstream to fix the issue. See:

http://code.google.com/p/openjpeg/source/detail?r=1703

If this is OK I'll submit an update in the openjpeg package.
Comment 6 Ludwig Nussel 2012-06-28 07:07:48 UTC
sure, please go ahead and apply the patch
Comment 7 Bernhard Wiedemann 2012-06-28 20:00:07 UTC
This is an autogenerated message for OBS integration:
This bug (757260) was mentioned in
https://build.opensuse.org/request/show/126485 Factory / openjpeg
Comment 8 Marcus Meissner 2012-07-04 05:51:02 UTC
I think this marks it done...