Ubuntu update for OpenJPEG

1) Memory corruption

EUVDB-ID: #VU13108

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17480

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to stack-based buffer overflow in the pgxtoimage function in jpwl/convert.c. A remote unauthenticated attacker can trigger memory corruption that leads to out-of-bounds write and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS

libopenjp2-7 - 2.3.0-2build0.18.04.1

libopenjp3d7 - 2.3.0-2build0.18.04.1

libopenjpip7 - 2.3.0-2build0.18.04.1

Vulnerable software versions

openjpeg2 (Ubuntu package): 2.3.0-1 - 2.3.0-2

External links

http://usn.ubuntu.com/4109-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Divide-by-zero

EUVDB-ID: #VU13982

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14423

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to multiple division-by-zero conditions that exist in the pi_next_pcrl, pi_next_cprl, and pi_next_rpcl functions, as defined in the lib/openjp3d/pi.c source code file. A remote attacker can trick the victim into opening a specially crafted file with an application that uses the affected library and cause the affected application to crash.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS

libopenjp2-7 - 2.3.0-2build0.18.04.1

libopenjp3d7 - 2.3.0-2build0.18.04.1

libopenjpip7 - 2.3.0-2build0.18.04.1

Vulnerable software versions

openjpeg2 (Ubuntu package): 2.3.0-1 - 2.3.0-2

External links

http://usn.ubuntu.com/4109-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) NULL pointer dereference

EUVDB-ID: #VU20492

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-18088

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error in the imagetopnm function of jp2/convert. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS

libopenjp2-7 - 2.3.0-2build0.18.04.1

libopenjp3d7 - 2.3.0-2build0.18.04.1

libopenjpip7 - 2.3.0-2build0.18.04.1

Vulnerable software versions

openjpeg2 (Ubuntu package): 2.3.0-1 - 2.3.0-2

External links

http://usn.ubuntu.com/4109-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Integer overflow

EUVDB-ID: #VU20493

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5785

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to integer overflow in opj_j2k_setup_encoder function (openjp2/j2k.c). A remote attacker can create a specially crafted bmp image, trigger integer overflow and crash the affected application.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS

libopenjp2-7 - 2.3.0-2build0.18.04.1

libopenjp3d7 - 2.3.0-2build0.18.04.1

libopenjpip7 - 2.3.0-2build0.18.04.1

Vulnerable software versions

openjpeg2 (Ubuntu package): 2.3.0-1 - 2.3.0-2

External links

http://usn.ubuntu.com/4109-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU11479

Risk: Low

CVSSv3.1: 3.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-6616

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system.

The weakness exists in the opj_t1_encode_cblks function, which is defined in the openjp2/t1.c source code file, due to insufficient validation of user-supplied input. A local attacker can submit a specially crafted BMP file and cause the service to crash.

Mitigation

Update the affected packages.

Ubuntu 18.04 LTS

libopenjp2-7 - 2.3.0-2build0.18.04.1

libopenjp3d7 - 2.3.0-2build0.18.04.1

libopenjpip7 - 2.3.0-2build0.18.04.1

Vulnerable software versions

openjpeg2 (Ubuntu package): 2.3.0-1 - 2.3.0-2

External links

http://usn.ubuntu.com/4109-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.