Bugzilla – Bug 980504
VUL-0: CVE-2016-4796,CVE-2016-1924,CVE-2016-4797: openjpeg2: Multiple heap buffer overflows
Last modified: 2022-06-10 10:28:56 UTC
http://seclists.org/oss-sec/2016/q2/327 1. Issue 774 OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c Fixed via https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91 2. Issue 775 OpenJPEG Out-of-Bounds Access in function opj_tgt_reset of tgt.c Fixed via https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e 3. Issue 733 OpenJPEG division-by-zero in function opj_tcd_init_tile of tcd.c Fixed via https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c The vulnerable code is not directly present, but the version we have in Leap and openSUSE 42.1 is very old, so I assume similar issues affect it. References: https://bugzilla.redhat.com/show_bug.cgi?id=1335482 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4796 http://seclists.org/oss-sec/2016/q2/342 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4796.html
bugbot adjusting priority
1. Issue 774 OpenJPEG Heap Buffer Overflow in function color_cmyk_to_rgb of color.c Fixed via https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91 This issue does not affect openjpeg but openjpeg2. CVE-2016-4796 (see also https://bugzilla.redhat.com/show_bug.cgi?id=1335482). 2. Issue 775 OpenJPEG Out-of-Bounds Access in function opj_tgt_reset of tgt.c Fixed via https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e This is https://bugzilla.novell.com/show_bug.cgi?id=962522 CVE-2016-1924 Does not affect openjpeg but openjpeg2. 3. Issue 733 OpenJPEG division-by-zero in function opj_tcd_init_tile of tcd.c Fixed via https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c This is https://bugzilla.opensuse.org/show_bug.cgi?id=979911 CVE-2016-4797 Does not affect openjpeg but openjpeg2.
CVE-2016-4796 is not applicable to SLE-12 (too old, no cmyk conversion function) and not applicable to SLE-15 (fix is already in upstream). CVE-2016-1924 and CVE-2016-4797 apply to SLE-12 only.
CVE-2016-4797 was addressed in bsc#979911 [0] CVE-2016-1923 was addressed in bsc#962522 [1] [0] https://bugzilla.suse.com/show_bug.cgi?id=979911 [1] https://bugzilla.suse.com/show_bug.cgi?id=962522
SUSE-SU-2022:1129-1: An update that fixes 13 vulnerabilities is now available. Category: security (important) Bug References: 1102016,1106881,1106882,1140130,1140205,1162090,1173578,1180457,1184774,1197738,971617,980504 CVE References: CVE-2016-1924,CVE-2016-3183,CVE-2016-4797,CVE-2018-14423,CVE-2018-16375,CVE-2018-16376,CVE-2018-20845,CVE-2018-20846,CVE-2020-15389,CVE-2020-27823,CVE-2020-8112,CVE-2021-29338,CVE-2022-1122 JIRA References: Sources used: SUSE OpenStack Cloud Crowbar 9 (src): openjpeg2-2.1.0-4.15.1 SUSE OpenStack Cloud Crowbar 8 (src): openjpeg2-2.1.0-4.15.1 SUSE OpenStack Cloud 9 (src): openjpeg2-2.1.0-4.15.1 SUSE OpenStack Cloud 8 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server for SAP 12-SP4 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP5 (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP4-LTSS (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): openjpeg2-2.1.0-4.15.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): openjpeg2-2.1.0-4.15.1 HPE Helion Openstack 8 (src): openjpeg2-2.1.0-4.15.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done, reassigning to security-team.
Done, closing.