Vulnerabilities > CVE-2016-7163 - Integer Overflow or Wraparound vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-943.NASL description This update for openjpeg2 fixes the following issues : - CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857) - CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907) This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2017-08-18 plugin id 102562 published 2017-08-18 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/102562 title openSUSE Security Update : openjpeg2 (openSUSE-2017-943) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2017-943. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(102562); script_version("3.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2015-8871", "CVE-2016-7163"); script_name(english:"openSUSE Security Update : openjpeg2 (openSUSE-2017-943)"); script_summary(english:"Check for the openSUSE-2017-943 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for openjpeg2 fixes the following issues : - CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857) - CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907) This update was imported from the SUSE:SLE-12-SP2:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=979907" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=997857" ); script_set_attribute( attribute:"solution", value:"Update the affected openjpeg2 packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjp2-7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjp2-7-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libopenjp2-7-debuginfo-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg2-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:openjpeg2-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2017/08/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/08/18"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2017-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.2|SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.2 / 42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE42.2", reference:"libopenjp2-7-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"libopenjp2-7-debuginfo-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"openjpeg2-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"openjpeg2-debuginfo-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"openjpeg2-debugsource-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", reference:"openjpeg2-devel-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libopenjp2-7-32bit-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.2", cpu:"x86_64", reference:"libopenjp2-7-debuginfo-32bit-2.1.0-13.3.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libopenjp2-7-2.1.0-16.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"libopenjp2-7-debuginfo-2.1.0-16.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"openjpeg2-2.1.0-16.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"openjpeg2-debuginfo-2.1.0-16.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"openjpeg2-debugsource-2.1.0-16.1") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"openjpeg2-devel-2.1.0-16.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libopenjp2-7-32bit-2.1.0-16.1") ) flag++; if ( rpm_check(release:"SUSE42.3", cpu:"x86_64", reference:"libopenjp2-7-debuginfo-32bit-2.1.0-16.1") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libopenjp2-7 / libopenjp2-7-32bit / libopenjp2-7-debuginfo / etc"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1060.NASL description According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2017-05-01 plugin id 99905 published 2017-05-01 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99905 title EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2017-1060) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(99905); script_version("1.73"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/21"); script_cve_id( "CVE-2016-5139", "CVE-2016-5158", "CVE-2016-5159", "CVE-2016-7163", "CVE-2016-9573", "CVE-2016-9675" ); script_name(english:"EulerOS 2.0 SP2 : openjpeg (EulerOS-SA-2017-1060)"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1060 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a3feb88"); script_set_attribute(attribute:"solution", value: "Update the affected openjpeg packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"patch_publication_date", value:"2017/03/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2017/05/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openjpeg-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["openjpeg-libs-1.5.1-16"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg"); }NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2017-0048.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Revert previous changes in patch for (CVE-2016-5159) - Fix double free in patch for (CVE-2016-5139) - Fix memory leaks and invalid read in cio_bytein Related: #1419775 - Add two more allocation checks to patch for (CVE-2016-5159) Related: #1419775 - Add patches for CVE-2016-5139, CVE-2016-5158, (CVE-2016-5159) Related: #1419775 - Fix patch name: CVE-2016-9675 => (CVE-2016-7163) Related: #1419775 - Add patch for (CVE-2016-9675) - Fix Coverity issues Resolves: #1419775 last seen 2020-06-01 modified 2020-06-02 plugin id 97908 published 2017-03-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97908 title OracleVM 3.3 / 3.4 : openjpeg (OVMSA-2017-0048) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-0838.NASL description From Red Hat Security Advisory 2017:0838 : An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 97907 published 2017-03-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97907 title Oracle Linux 7 : openjpeg (ELSA-2017-0838) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2017-1088.NASL description According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-03 modified 2017-06-09 plugin id 100683 published 2017-06-09 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/100683 title EulerOS 2.0 SP1 : openjpeg (EulerOS-SA-2017-1088) NASL family Fedora Local Security Checks NASL id FEDORA_2016-ADB346980C.NASL description Backport fix for an out-of-bounds write. ---- Security fix for CVE-2016-7163 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-09-19 plugin id 93577 published 2016-09-19 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93577 title Fedora 23 : mingw-openjpeg2 (2016-adb346980c) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-0838.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 99041 published 2017-03-30 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/99041 title CentOS 7 : openjpeg (CESA-2017:0838) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2017-0559.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675) The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 97837 published 2017-03-21 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97837 title CentOS 6 : openjpeg (CESA-2017:0559) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-0559.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675) The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2017-07-13 plugin id 101440 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101440 title Virtuozzo 6 : openjpeg / openjpeg-devel / openjpeg-libs (VZLSA-2017-0559) NASL family Fedora Local Security Checks NASL id FEDORA_2016-27D3B7742F.NASL description Backport fix for an out-of-bounds write. ---- Security fix for CVE-2016-7163 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-09-15 plugin id 93488 published 2016-09-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93488 title Fedora 24 : openjpeg2 (2016-27d3b7742f) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0129_OPENJPEG.NASL description The remote NewStart CGSL host, running version MAIN 4.05, has openjpeg packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap- based buffer overflows leading to a crash or possible code execution. (CVE-2016-9675) - An integer overflow, leading to a heap buffer overflow, was found in OpenJPEG. An attacker could create a crafted JPEG2000 image that, when loaded by an application using openjpeg, could lead to a crash or, potentially, code execution. (CVE-2016-7163) - An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating memory for code blocks, which could lead to a crash, or potentially, code execution. (CVE-2016-5159) - An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause incorrect calculations when allocating various data structures, which could lead to a crash, or potentially, code execution. (CVE-2016-5158) - An integer overflow, leading to a heap buffer overflow, was found in openjpeg, also affecting the PDF viewer in Chromium. A specially crafted JPEG2000 image could cause an incorrect calculation when allocating precinct data structures, which could lead to a crash, or potentially, code execution. (CVE-2016-5139) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 127382 published 2019-08-12 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127382 title NewStart CGSL MAIN 4.05 : openjpeg Multiple Vulnerabilities (NS-SA-2019-0129) NASL family Virtuozzo Local Security Checks NASL id VIRTUOZZO_VZLSA-2017-0838.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-10 modified 2017-07-13 plugin id 101442 published 2017-07-13 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101442 title Virtuozzo 7 : openjpeg / openjpeg-devel / openjpeg-libs (VZLSA-2017-0838) NASL family Fedora Local Security Checks NASL id FEDORA_2016-8ED6B7BB5E.NASL description Backport fix for an out-of-bounds write. ---- Security fix for CVE-2016-7163 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-15 plugin id 94833 published 2016-11-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94833 title Fedora 25 : mingw-openjpeg2 (2016-8ed6b7bb5e) NASL family Fedora Local Security Checks NASL id FEDORA_2016-2EAC99579C.NASL description Backport fix for an out-of-bounds write. ---- Security fix for CVE-2016-7163 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-09-19 plugin id 93573 published 2016-09-19 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93573 title Fedora 24 : mingw-openjpeg2 (2016-2eac99579c) NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2017-807.NASL description Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139 , CVE-2016-5158 , CVE-2016-5159 , CVE-2016-7163) A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675) last seen 2020-06-01 modified 2020-06-02 plugin id 97897 published 2017-03-23 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/97897 title Amazon Linux AMI : openjpeg (ALAS-2017-807) NASL family Fedora Local Security Checks NASL id FEDORA_2016-231F53426B.NASL description Backport fix for an out-of-bounds write. ---- Security fix for CVE-2016-7163 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-09-19 plugin id 93572 published 2016-09-19 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93572 title Fedora 23 : openjpeg2 (2016-231f53426b) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-0559.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675) The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 97823 published 2017-03-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97823 title RHEL 6 : openjpeg (RHSA-2017:0559) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2017-0838.NASL description An update for openjpeg is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) * A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 97911 published 2017-03-23 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97911 title RHEL 7 : openjpeg (RHSA-2017:0838) NASL family Scientific Linux Local Security Checks NASL id SL_20170322_OPENJPEG_ON_SL7_X.NASL description Security Fix(es) : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. (CVE-2016-9573) - A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause the application to crash or, potentially, execute arbitrary code. (CVE-2016-9675) last seen 2020-03-18 modified 2017-03-24 plugin id 97935 published 2017-03-24 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97935 title Scientific Linux Security Update : openjpeg on SL7.x x86_64 (20170322) NASL family Fedora Local Security Checks NASL id FEDORA_2016-DC53CEFFC2.NASL description Backport fix for an out-of-bounds write. ---- Security fix for CVE-2016-7163 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-11-15 plugin id 94869 published 2016-11-15 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/94869 title Fedora 25 : openjpeg2 (2016-dc53ceffc2) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3665.NASL description Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression / decompression library, may result in denial of service or the execution of arbitrary code if a malformed JPEG 2000 file is processed. last seen 2020-06-01 modified 2020-06-02 plugin id 93420 published 2016-09-12 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93420 title Debian DSA-3665-1 : openjpeg2 - security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-2144-1.NASL description This update for openjpeg2 fixes the following issues : - CVE 2016-7163: Integer Overflow could lead to remote code execution (bsc#997857). - CVE 2015-8871: Use-after-free in opj_j2k_write_mco function could lead to denial of service (bsc#979907). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 102477 published 2017-08-14 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102477 title SUSE SLED12 / SLES12 Security Update : openjpeg2 (SUSE-SU-2017:2144-1) NASL family Scientific Linux Local Security Checks NASL id SL_20170319_OPENJPEG_ON_SL6_X.NASL description Security Fix(es) : - Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) - A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675) last seen 2020-03-18 modified 2017-03-21 plugin id 97846 published 2017-03-21 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97846 title Scientific Linux Security Update : openjpeg on SL6.x i386/x86_64 (20170319) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_B7D56D0B7A1111E6AF78589CFC0654E1.NASL description Tencent last seen 2020-06-01 modified 2020-06-02 plugin id 93989 published 2016-10-12 reporter This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/93989 title FreeBSD : openjpeg -- multiple vulnerabilities (b7d56d0b-7a11-11e6-af78-589cfc0654e1) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2017-0559.NASL description From Red Hat Security Advisory 2017:0559 : An update for openjpeg is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es) : * Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139, CVE-2016-5158, CVE-2016-5159, CVE-2016-7163) * A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution. (CVE-2016-9675) The CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security). last seen 2020-06-01 modified 2020-06-02 plugin id 97821 published 2017-03-20 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/97821 title Oracle Linux 6 : openjpeg (ELSA-2017-0559)
Redhat
| advisories |
| ||||||||
| rpms |
|
References
- https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
- http://www.securityfocus.com/bid/92897
- https://github.com/uclouvain/openjpeg/pull/809
- https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
- http://www.openwall.com/lists/oss-security/2016/09/08/6
- http://www.debian.org/security/2016/dsa-3665
- http://www.openwall.com/lists/oss-security/2016/09/08/3
- https://github.com/uclouvain/openjpeg/issues/826
- http://rhn.redhat.com/errata/RHSA-2017-0838.html
- http://rhn.redhat.com/errata/RHSA-2017-0559.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AQ2IIIQSJ3J4MONBOGCG6XHLKKJX2HKM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2T6IQAMS4W65MGP7UW5FPE22PXELTK5D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66BWMMMWXH32J5AOGLAJGZA3GH5LZHXH/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H4IRSGYMBSHCBZP23CUDIRJ3LBKH6ZJ7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YGKSEWWWED77Q5ZHK4OA2EKSJXLRU3MK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JYLOX7PZS3ZUHQ6RGI3M6H27B7I5ZZ26/