openjpeg: multiple CVEs #1574

Closed
l2dy opened this issue Jan 8, 2019 · 3 comments

@l2dy
Contributor

commented Jan 8, 2019

CVE IDs: CVE-2018-5785, CVE-2018-6616, CVE-2018-18088

Other security advisory IDs: MGASA-2019-0004

Descriptions:

A flaw was found in OpenJPEG 2.3.0: there is an integer overflow caused
by an out-of-bounds left shift in the opj_j2k_setup_encoder function
(openjp2/j2k.c). Remote attackers could leverage this vulnerability to
cause a denial of service via a crafted bmp file (CVE-2018-5785).

In OpenJPEG 2.3.0, there is excessive iteration in the
opj_t1_encode_cblks function of openjp2/t1.c. Attackers could leverage
this vulnerability to cause a denial of service via a crafted bmp file
(CVE-2018-6616).

A flaw was found in OpenJPEG 2.3.0: a NULL pointer dereference for "red"
in the imagetopnm function of jp2/convert.c (CVE-2018-18088).

Patches: from Mageia

PoC(s): https://bugs.mageia.org/show_bug.cgi?id=23147#c6

Architectural progress:

  • AMD64 amd64
  • AArch64 arm64
  • ARMv7 armel
  • PowerPC 64-bit BE ppc64
  • PowerPC 32-bit BE powerpc
@MingcongBai

Member

commented Jan 15, 2019

Snipped some details and CVEs, as our stable currently ships OpenJPEG 2.3.0.

MingcongBai added a commit that referenced this issue Jan 15, 2019

MingcongBai removed the upgrade label Jan 25, 2019

@MingcongBai

Member

commented Jan 25, 2019

Fixed with d966fd2. Closing.

@l2dy

Contributor Author

commented Jan 25, 2019

Use AOSA-2019-0016.
