SB2017082323 - Buffer overflow in openjpeg (Alpine package)
Published: August 23, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Buffer overflow (CVE-ID: CVE-2017-12982)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
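The missing check described above, as an added example (not OpenJPEG's code or its actual patch): a header validator that rejects a zero or otherwise unsupported biBitCount before any image buffer is sized from the header. The function names, return codes, accepted bit depths and the sample header are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Allocation-relevant fields of a 40-byte BITMAPINFOHEADER (little-endian). */
typedef struct {
    uint32_t size;
    int32_t  width, height;
    uint16_t planes, bit_count;
} bmp_info;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Hypothetical validator (assumed name): 0 = header accepted, negative = rejected. */
int bmp_info_check(const uint8_t *buf, size_t len, bmp_info *bi)
{
    if (len < 40) return -1;                           /* truncated header */
    bi->size      = rd32(buf);
    bi->width     = (int32_t)rd32(buf + 4);
    bi->height    = (int32_t)rd32(buf + 8);            /* negative = top-down rows */
    bi->planes    = rd16(buf + 12);
    bi->bit_count = rd16(buf + 14);
    if (bi->size < 40) return -2;                      /* older/unknown header type */
    if (bi->width <= 0 || bi->height == 0) return -3;  /* no pixels to allocate */
    switch (bi->bit_count) {                           /* allow-list of bit depths */
    case 1: case 4: case 8: case 16: case 24: case 32: return 0;
    default: return -4;                                /* biBitCount 0 ends up here */
    }
}

/* Constructed sample: 16x16, one plane, caller-chosen biBitCount. */
void make_sample_header(uint8_t h[40], uint16_t bit_count)
{
    memset(h, 0, 40);
    h[0] = 40; h[4] = 16; h[8] = 16; h[12] = 1;
    h[14] = (uint8_t)(bit_count & 0xff);
    h[15] = (uint8_t)(bit_count >> 8);
}

int main(void)
{
    uint8_t h[40]; bmp_info bi;
    make_sample_header(h, 24);
    printf("biBitCount=24 -> %d\n", bmp_info_check(h, sizeof h, &bi));
    make_sample_header(h, 0);
    printf("biBitCount=0  -> %d\n", bmp_info_check(h, sizeof h, &bi));
    return 0;
}
```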
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=5b27b635acbe69cadaffce1fbe4b69d8256c1315
- https://git.alpinelinux.org/aports/commit/?id=6dd49eeff4953456d2d668b4e7653967a44a4972
- https://git.alpinelinux.org/aports/commit/?id=9574a8725a5423a3ccb0587849eb919baef6a3a3
- https://git.alpinelinux.org/aports/commit/?id=ca47c2c59eed9062267feefc2004f5d70e7e615e
- https://git.alpinelinux.org/aports/commit/?id=d7a2fa12058eff3d4923043ff590abc2d5bf725e
- https://git.alpinelinux.org/aports/commit/?id=26c51e95735136152ea52cc8db8eed2b6f31fde0
- https://git.alpinelinux.org/aports/commit/?id=5c82fd0a2871207bd9352f23c1191e39a0313a86
- https://git.alpinelinux.org/aports/commit/?id=61304699d29224d64a56abc573d12673551f7927