SB2016102901 - Multiple vulnerabilities in OpenJPEG
Published: October 29, 2016 Updated: December 29, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2016-9118)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.
2) NULL pointer dereference (CVE-ID: CVE-2016-9117)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
3) NULL pointer dereference (CVE-ID: CVE-2016-9116)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
4) Buffer overflow (CVE-ID: CVE-2016-9115)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file.
5) NULL pointer dereference (CVE-ID: CVE-2016-9114)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
6) NULL pointer dereference (CVE-ID: CVE-2016-9113)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. A remote attacker can perform a denial of service (DoS) attack.
7) Division by zero (CVE-ID: CVE-2016-9112)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.
Remediation
Install update from vendor's website.
References
- http://www.debian.org/security/2017/dsa-4013
- http://www.securityfocus.com/bid/93976
- https://github.com/uclouvain/openjpeg/issues/861
- https://security.gentoo.org/glsa/201710-26
- http://www.securityfocus.com/bid/93783
- https://github.com/uclouvain/openjpeg/issues/860
- http://www.securityfocus.com/bid/93975
- https://github.com/uclouvain/openjpeg/issues/859
- http://www.securityfocus.com/bid/93977
- https://github.com/uclouvain/openjpeg/issues/858
- http://www.securityfocus.com/bid/93979
- https://github.com/uclouvain/openjpeg/issues/857
- http://www.securityfocus.com/bid/93980
- https://github.com/uclouvain/openjpeg/issues/856
- http://www.securityfocus.com/bid/93978
- https://github.com/uclouvain/openjpeg/issues/855
- https://lists.debian.org/debian-lts-announce/2019/07/msg00010.html
- https://www.oracle.com/security-alerts/cpujul2020.html