Security update for openjpeg2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0207-1 Final 1 1 2017-01-19T10:13:14Z current 2017-01-19T10:13:14Z 2017-01-19T10:13:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for openjpeg2 This update for openjpeg2 fixes the following issues: * CVE-2016-9572 CVE-2016-9573: Insuficient check in imagetopnm() could lead to heap buffer overflow [bsc#1014543] * CVE-2016-9580, CVE-2016-9581: Possible Heap buffer overflow via integer overflow and infite loop [bsc#1014975] * CVE-2016-7445: Null pointer dereference in convert.c could lead to crash [bsc#999817] * CVE-2016-8332: Malicious file in OpenJPEG JPEG2000 format could lead to code execution [bsc#1002414] * CVE-2016-9112: FPE(Floating Point Exception) in lib/openjp2/pi.c:523 [bsc#1007747] * CVE-2016-9113: NULL point dereference in function imagetobmp of convertbmp.c could lead to crash [bsc#1007739] * CVE-2016-9114: NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) could lead to crash [bsc#1007740] * CVE-2016-9115: Heap Buffer Overflow in function imagetotga of convert.c(jp2) [bsc#1007741] * CVE-2016-9116: NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) [bsc#1007742] * CVE-2016-9117: NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 [bsc#1007743] * CVE-2016-9118: Heap Buffer Overflow in function pnmtoimage of convert.c [bsc#1007744] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html E-Mail link for openSUSE-SU-2017:0207-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libopenjp2-7-2.1.0-9.1 libopenjp2-7-32bit-2.1.0-9.1 openjpeg2-2.1.0-9.1 openjpeg2-devel-2.1.0-9.1 libopenjp2-7-2.1.0-9.1 as a component of openSUSE Leap 42.1 libopenjp2-7-32bit-2.1.0-9.1 as a component of openSUSE Leap 42.1 openjpeg2-2.1.0-9.1 as a component of openSUSE Leap 42.1 openjpeg2-devel-2.1.0-9.1 as a component of openSUSE Leap 42.1 convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s. CVE-2016-7445 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-7445.html CVE-2016-7445 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 https://bugzilla.suse.com/999817 SUSE Bug 999817 A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. CVE-2016-8332 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-8332.html CVE-2016-8332 https://bugzilla.suse.com/1002414 SUSE Bug 1002414 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. CVE-2016-9112 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9112.html CVE-2016-9112 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1007747 SUSE Bug 1007747 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 https://bugzilla.suse.com/1056396 SUSE Bug 1056396 There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service. CVE-2016-9113 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9113.html CVE-2016-9113 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1007747 SUSE Bug 1007747 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service. CVE-2016-9114 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9114.html CVE-2016-9114 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007740 SUSE Bug 1007740 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1007747 SUSE Bug 1007747 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. CVE-2016-9115 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9115.html CVE-2016-9115 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007741 SUSE Bug 1007741 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1007747 SUSE Bug 1007747 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. CVE-2016-9116 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9116.html CVE-2016-9116 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007742 SUSE Bug 1007742 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1007747 SUSE Bug 1007747 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2. Impact is Denial of Service. Someone must open a crafted j2k file. CVE-2016-9117 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9117.html CVE-2016-9117 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007743 SUSE Bug 1007743 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1007747 SUSE Bug 1007747 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2. CVE-2016-9118 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9118.html CVE-2016-9118 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1007747 SUSE Bug 1007747 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image. CVE-2016-9572 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9572.html CVE-2016-9572 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1014543 SUSE Bug 1014543 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. CVE-2016-9573 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9573.html CVE-2016-9573 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1014543 SUSE Bug 1014543 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 An integer overflow vulnerability was found in tiftoimage function in openjpeg 2.1.2, resulting in heap buffer overflow. CVE-2016-9580 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9580.html CVE-2016-9580 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1014975 SUSE Bug 1014975 https://bugzilla.suse.com/1015662 SUSE Bug 1015662 An infinite loop vulnerability in tiftoimage that results in heap buffer overflow in convert_32s_C1P1 was found in openjpeg 2.1.2. CVE-2016-9581 openSUSE Leap 42.1:libopenjp2-7-2.1.0-9.1 openSUSE Leap 42.1:libopenjp2-7-32bit-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-2.1.0-9.1 openSUSE Leap 42.1:openjpeg2-devel-2.1.0-9.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00034.html https://www.suse.com/security/cve/CVE-2016-9581.html CVE-2016-9581 https://bugzilla.suse.com/1007739 SUSE Bug 1007739 https://bugzilla.suse.com/1007744 SUSE Bug 1007744 https://bugzilla.suse.com/1014975 SUSE Bug 1014975 https://bugzilla.suse.com/1015662 SUSE Bug 1015662