Vulnerabilities > CVE-2016-4797 - Divide By Zero vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
Divide-by-zero vulnerability in the opj_tcd_init_tile function in tcd.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (application crash) via a crafted jp2 file. NOTE: this issue exists because of an incorrect fix for CVE-2014-7947.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2016-D2AB705E4A.NASL description Update to version 2.1.1, see https://github.com/uclouvain/openjpeg/releases/tag/v2.1.1 for details. Fixes: CVE-2016-3183, CVE-2016-3181, CVE-2016-3182, CVE-2016-4796, CVE-2016-4797, CVE-2015-8871 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-18 plugin id 92333 published 2016-07-18 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92333 title Fedora 23 : openjpeg2 (2016-d2ab705e4a) NASL family Fedora Local Security Checks NASL id FEDORA_2016-ABDC548F46.NASL description Update to version 2.1.1, see https://github.com/uclouvain/openjpeg/releases/tag/v2.1.1 for details. Fixes: CVE-2016-3183, CVE-2016-3181, CVE-2016-3182, CVE-2016-4796, CVE-2016-4797, CVE-2015-8871 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-15 plugin id 92280 published 2016-07-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92280 title Fedora 24 : openjpeg2 (2016-abdc548f46) NASL family Fedora Local Security Checks NASL id FEDORA_2016-14D8F9B4ED.NASL description Update to version 2.1.1, see https://github.com/uclouvain/openjpeg/releases/tag/v2.1.1 for details. Fixes: CVE-2016-3183, CVE-2016-3181, CVE-2016-3182, CVE-2016-4796, CVE-2016-4797, CVE-2015-8871 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-19 plugin id 92385 published 2016-07-19 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92385 title Fedora 23 : mingw-openjpeg2 (2016-14d8f9b4ed) NASL family Fedora Local Security Checks NASL id FEDORA_2016-8FA7CED365.NASL description Update to version 2.1.1, see https://github.com/uclouvain/openjpeg/releases/tag/v2.1.1 for details. Fixes: CVE-2016-3183, CVE-2016-3181, CVE-2016-3182, CVE-2016-4796, CVE-2016-4797, CVE-2015-8871 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-07-19 plugin id 92389 published 2016-07-19 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/92389 title Fedora 24 : mingw-openjpeg2 (2016-8fa7ced365)
References
- https://github.com/uclouvain/openjpeg/issues/733
- https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
- https://bugzilla.redhat.com/show_bug.cgi?id=1335483
- http://www.openwall.com/lists/oss-security/2016/05/13/2
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5FFMOZOF2EI6N2CR23EQ5EATWLQKBMHW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HPMDEUIMHTLKMHELDL4F4HZ7X4Y34JEB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BJM23YERMEC6LCTWBUH7LZURGSLZDFDH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFRD35RIPRCGZA5DKAKHZ62LMP2A5UT7/