SB2017100616 - Slackware Linux update for openjpeg

Main Vulnerability Database SB2017100616

SB2017100616 - Slackware Linux update for openjpeg

Published: October 6, 2017 Updated: October 6, 2017

Security Bulletin ID SB2017100616

Severity

High

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2016-9572)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. A remote attacker can perform a denial of service (DoS) attack.

2) Heap-based buffer overflow (CVE-ID: CVE-2016-9573)

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause the service to crash.

The vulnerability exists in the j2k_to_image component due to due to a heap-based buffer overflow when the j2k_to_image tool handles red, green, blue, and alpha (RGBA) channel dimensions. A remote attacker can execute an application that submits malicious input, trigger out-of-bounds read and gain access to potentially sensitive information or cause the service to crash.

3) Integer overflow (CVE-ID: CVE-2016-9580)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow.

4) Buffer overflow (CVE-ID: CVE-2016-9581)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2.

5) Buffer overflow (CVE-ID: CVE-2017-12982)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.

6) Out-of-bounds write (CVE-ID: CVE-2017-14039)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

7) Out-of-bounds write (CVE-ID: CVE-2017-14040)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG 2.2.0, triggering a crash in the tgatoimage function. The vulnerability may lead to remote denial of service or possibly unspecified other impact.

8) Out-of-bounds write (CVE-ID: CVE-2017-14041)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.

9) Buffer overflow (CVE-ID: CVE-2017-14151)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An off-by-one error was discovered in opj_tcd_code_block_enc_allocate_data in lib/openjp2/tcd.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_mqc_flush in lib/openjp2/mqc.c and opj_t1_encode_cblk in lib/openjp2/t1.c) or possibly remote code execution.

10) Out-of-bounds write (CVE-ID: CVE-2017-14152)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A mishandled zero case was discovered in opj_j2k_set_cinema_parameters in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c and opj_j2k_write_sot in lib/openjp2/j2k.c) or possibly remote code execution.

11) Buffer overflow (CVE-ID: CVE-2017-14164)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.

Remediation

Install update from vendor's website.

References

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.395569