SB2016122109 - Integer overflow in openjpeg (Alpine package)
Published: December 21, 2016
Security Bulletin ID: SB2016122109
Severity: High
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Code execution
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2016-9580)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An integer overflow vulnerability was found in the tiftoimage function in openjpeg 2.1.2, resulting in a heap buffer overflow.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5b27b635acbe69cadaffce1fbe4b69d8256c1315
- https://git.alpinelinux.org/aports/commit/?id=6dd49eeff4953456d2d668b4e7653967a44a4972
- https://git.alpinelinux.org/aports/commit/?id=9574a8725a5423a3ccb0587849eb919baef6a3a3
- https://git.alpinelinux.org/aports/commit/?id=d7a2fa12058eff3d4923043ff590abc2d5bf725e
- https://git.alpinelinux.org/aports/commit/?id=26c51e95735136152ea52cc8db8eed2b6f31fde0
- https://git.alpinelinux.org/aports/commit/?id=8ec2fb4b30f7ca2c630314798bd2f53835e58d57
- https://git.alpinelinux.org/aports/commit/?id=d19c71fc81362c23e49997259591524b35e2eb1b
- https://git.alpinelinux.org/aports/commit/?id=2fdeb6b9f30446dad66fe173663c79d9ff38c4d6
- https://git.alpinelinux.org/aports/commit/?id=91f0ed50281f76fcbbc7760fd7617e01b9a50c47
- https://git.alpinelinux.org/aports/commit/?id=d3f4eafef5b5094a849b82c29be2bc7c796f213d