Bug 997857 (CVE-2016-7163) - VUL-0: CVE-2016-7163: openjpeg2: Integer overflow allowing for RCE
Summary: VUL-0: CVE-2016-7163: openjpeg2: Integer overflow allowing for RCE
Status: RESOLVED FIXED
Alias: CVE-2016-7163
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Angelos Tzotsos
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/172441/
Whiteboard: CVSSv2:RedHat:CVE-2016-7163:5.8:(AV:N...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-09-08 09:23 UTC by Victor Pereira
Modified: 2017-09-26 01:13 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2016-09-08 09:23:47 UTC 
CVE-2016-7163

It was reported a security issue of OpenJPEG some days ago and it has been
fixed now. The fix is available at
https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
and
https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24

An integer overflow issue exists in function opj_pi_create_decode of
pi.c. It can lead to Out-Of-Bounds Read and Out-Of-Bounds Write in
function opj_pi_next_cprl of pi.c (function opj_pi_next_lrcp,
opj_pi_next_rlcp, opj_pi_next_rpcl, opj_pi_next_pcrl may also be
vulnerable). This vulnerability allows remote attackers to execute
arbitrary code on vulnerable installations of OpenJPEG.

AddressSanitizer: heap-buffer-overflow
READ of size 2


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7163
http://seclists.org/oss-sec/2016/q3/442
Comment 1 Swamp Workflow Management 2016-09-08 22:00:41 UTC 
bugbot adjusting priority
Comment 2 Asterios Dramis 2017-02-01 21:07:48 UTC 
This issue does not affect openjpeg but openjpeg2.
(see also https://bugzilla.redhat.com/show_bug.cgi?id=1374329).
Comment 3 Johannes Segitz 2017-08-01 11:14:52 UTC 
We have this in SLES, please submit
Comment 4 Hans Petter Jansson 2017-08-02 20:09:39 UTC 
Submitted.
Comment 6 Swamp Workflow Management 2017-08-11 19:09:14 UTC 
SUSE-SU-2017:2144-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 979907,997857
CVE References: CVE-2015-8871,CVE-2016-7163
Sources used:
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Server 12-SP3 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Server 12-SP2 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    openjpeg2-2.1.0-4.3.2
SUSE Linux Enterprise Desktop 12-SP2 (src):    openjpeg2-2.1.0-4.3.2
Comment 7 Andreas Stieger 2017-08-16 18:13:32 UTC 
releasing for Leap, done
Comment 8 Swamp Workflow Management 2017-08-16 22:10:31 UTC 
openSUSE-SU-2017:2186-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 979907,997857
CVE References: CVE-2015-8871,CVE-2016-7163
Sources used:
openSUSE Leap 42.3 (src):    openjpeg2-2.1.0-16.1
openSUSE Leap 42.2 (src):    openjpeg2-2.1.0-13.3.1
Comment 9 Swamp Workflow Management 2017-09-26 01:13:11 UTC 
openSUSE-SU-2017:2567-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 1002414,1007739,1007740,1007741,1007742,1007743,1007744,1007747,1014543,1014975,979907,997857,999817
CVE References: CVE-2015-8871,CVE-2016-7163,CVE-2016-7445,CVE-2016-8332,CVE-2016-9112,CVE-2016-9113,CVE-2016-9114,CVE-2016-9115,CVE-2016-9116,CVE-2016-9117,CVE-2016-9118,CVE-2016-9572,CVE-2016-9573,CVE-2016-9580,CVE-2016-9581
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    openjpeg2-2.1.0-5.1, openjpeg2-2.1.0-6.1