SB2018011617 - Multiple vulnerabilities in OpenJPEG

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2018-16375)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in OpenJPEG 2.3.0. Missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c can lead to a heap-based buffer overflow.

2) Out-of-bounds write (CVE-ID: CVE-2018-16376)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in OpenJPEG 2.3.0. A heap-based buffer overflow was discovered in the function t2_encode_packet in lib/openmj2/t2.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.

3) Integer overflow (CVE-ID: CVE-2018-5727)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the opj_t1_encode_cblks function (openjp2/t1.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.

Remediation

Install update from vendor's website.

References

• http://www.securityfocus.com/bid/105266
• https://github.com/uclouvain/openjpeg/issues/1126
• http://www.securityfocus.com/bid/105262
• https://github.com/uclouvain/openjpeg/issues/1127
• https://github.com/uclouvain/openjpeg/issues/1053