CVE-2016-5139, CVE-2016-5152, CVE-2016-5158, CVE-2016-5159 #854
Comments
|
CVE-2016-5158 is fixed: 9a07ccb |
|
CVE-2016-5139 looks to be fixed with ea320da and issue #819 |
|
Gogil I think you mean CVE-2016-5159 is fixed with 9a07ccb and #841. Thats the one that deals with obj_aligned_malloc(). https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5159 |
|
That's right. |
|
For CVE-2016-5152 the vulnerable code does appear to be present in tcd.c. |
|
I believe all the checks of CVE-2016-5158 / https://pdfium.googlesource.com/pdfium.git/+/b20ab6c7acb3be1393461eb650ca8fa4660c937e/third_party/libopenjpeg20/0020-opj_aligned_malloc.patch are now in master |
|
It seems all above mentionned issues are now fixed. Closing. Re-open if we missed something |
Summary: This new release includes a significant number of improvements and bug fixes. In particular: - Multi-threading support at decoding side - Several speed optimisations both at encoder and decoder, and both on Wavelet Transform and Entropy Coding parts. On our test set, a single-threaded execution is now around 20% faster (encoding or decoding). - Huge memory consumption reduction at decoding side (~60% reduction on large images) - Several important bug fixes, in particular the one that was preventing OpenJPEG to encode lossless in some specific situations, as well as those related to mode switches (BYPASS/LAZY, RESTART/TERMALL, etc). - Several security fixes thanks to the inclusion of OpenJPEG in the Google OSS Fuzz project. Beside that, several improvements have been brought to the project maintenance, like inclusion of benchmarking scripts to compare speed with latest available kakadu binaries. Security fixes: - CVE-2016-5139, CVE-2016-5152, CVE-2016-5158, CVE-2016-5159 [#854](uclouvain/openjpeg#854) - CVE-2016-1626 and CVE-2016-1628 [#850](uclouvain/openjpeg#850) For more info check the [NEWS](https://github.com/uclouvain/openjpeg/blob/v2.2.0/NEWS.md) and the [Changelog](https://github.com/uclouvain/openjpeg/blob/v2.2.0/CHANGELOG.md) Signed-off-by: Pierre-Yves <pyu@riseup.net> Test Plan: ``` $ opj_compress -i test.png -o test.j2k [INFO] tile number 1 / 1 [INFO] Generated outfile test.j2k encode time: 283 ms ``` Reviewers: #triage_team, JoshStrobl Reviewed By: #triage_team, JoshStrobl Subscribers: sunnyflunk, JoshStrobl Tags: #security Differential Revision: https://dev.solus-project.com/D794
Google fixed this code with:
CVE-2016-5139
Prevent integer overflows during calculation of |l_nb_precinct_size|
https://pdfium.googlesource.com/pdfium.git/+/2f6d1480a1be2b1f82c94219c2d99e67d7e0660d
CVE-2016-5152
Fix an integer overflow in opj_tcd_get_decoded_tile_size()
https://pdfium.googlesource.com/pdfium.git/+/d8cc503575463ff3d81b22dad292665f2c88911e
CVE-2016-5158
Prevent overflows when using opj_aligned_malloc()
https://pdfium.googlesource.com/pdfium.git/+/b20ab6c7acb3be1393461eb650ca8fa4660c937e
CVE-2016-5159
Prevent integer overflows during calculation of |l_nb_code_blocks_size|
https://pdfium.googlesource.com/pdfium.git/+/ff74356915d4c7f7c6eb16de1e9f403da4ecb6d5
The text was updated successfully, but these errors were encountered: