[Bugs] [Bug 13287] New: [CVE 21] openjpeg 1.5.2 CVEs found

bugzilla bugzilla на rosalinux.ru
Ср Май 3 17:01:20 MSK 2023 

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13287

          Platform: 2021.1
            Bug ID: 13287
           Summary: [CVE 21] openjpeg 1.5.2  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2016-3182, CVE-2017-12982, CVE-2017-14039,
                    CVE-2017-14164, CVE-2018-21010, CVE-2020-27823,
                    CVE-2020-27824, CVE-2020-27841, CVE-2020-27842,
                    CVE-2020-27843, CVE-2020-27844, CVE-2020-27845,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package openjpeg version 1.5.2

INFO (CVEs are): openjpeg 1.5.2
 cves found
CVE-2016-3182
Desc: The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before
2.1.1 allows attackers to cause a denial of service (memory corruption) via a
crafted jpeg 2000 file.
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-3182
Severity: MEDIUM
CVE-2017-12982
Desc: The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG
2.2.0 does not reject headers with a zero biBitCount, which allows remote
attackers to cause a denial of service (memory allocation failure) in the
opj_image_create function in lib/openjp2/image.c, related to the
opj_aligned_alloc_n function in opj_malloc.c.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-12982
Severity: MEDIUM
CVE-2017-14039
Desc: A heap-based buffer overflow was discovered in the opj_t2_encode_packet
function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an
out-of-bounds write, which may lead to remote denial of service or possibly
unspecified other impact.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-14039
Severity: HIGH
CVE-2017-14164
Desc: A size-validation issue was discovered in opj_j2k_write_sot in
lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds
write, which may lead to remote denial of service (heap-based buffer overflow
affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code
execution. NOTE: this vulnerability exists because of an incomplete fix for
CVE-2017-14152.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-14164
Severity: HIGH
CVE-2018-21010
Desc: OpenJPEG before 2.3.1 has a heap buffer overflow in
color_apply_icc_profile in bin/common/color.c.
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-21010
Severity: HIGH
CVE-2020-27823
Desc: A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to
pass specially crafted x,y offset input to OpenJPEG to use during encoding. The
highest threat from this vulnerability is to confidentiality, integrity, as
well as system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27823
Severity: HIGH
CVE-2020-27824
Desc: A flaw was found in OpenJPEG’s encoder in the
opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who
can supply crafted input to decomposition levels to cause a buffer overflow.
The highest threat from this vulnerability is to system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27824
Severity: MEDIUM
CVE-2020-27841
Desc: There's a flaw in openjpeg in versions prior to 2.4.0 in
src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be
processed by the openjpeg encoder, this could cause an out-of-bounds read. The
greatest impact from this flaw is to application availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27841
Severity: MEDIUM
CVE-2020-27842
Desc: There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An
attacker who is able to provide crafted input to be processed by openjpeg could
cause a null pointer dereference. The highest impact of this flaw is to
application availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27842
Severity: MEDIUM
CVE-2020-27843
Desc: A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows
an attacker to provide specially crafted input to the conversion or encoding
functionality, causing an out-of-bounds read. The highest threat from this
vulnerability is system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27843
Severity: MEDIUM
CVE-2020-27844
Desc: A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to
2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during
conversion and encoding, causing an out-of-bounds write. The highest threat
from this vulnerability is to confidentiality, integrity, as well as system
availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27844
Severity: HIGH
CVE-2020-27845
Desc: There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to
2.4.0. If an attacker is able to provide untrusted input to openjpeg's
conversion/encoding functionality, they could cause an out-of-bounds read. The
highest impact of this flaw is to application availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27845
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/d8f334d0/attachment.html>

Подробная информация о списке рассылки Bugs