<html>

    <head>

      <base href="https://bugzilla.rosalinux.ru/">

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Platform</th>

          <td>2021.1

          </td>

        </tr>

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_CONFIRMED "

   title="CONFIRMED - [CVE 21] openjpeg 1.5.2 CVEs found"

   href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13287">13287</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>[CVE 21] openjpeg 1.5.2  CVEs found

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>ROSA-based products

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>ROSA Fresh

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>All

          </td>

        </tr>

        <tr>

          <th>URL</th>

          <td>CVE-2016-3182, CVE-2017-12982, CVE-2017-14039, CVE-2017-14164, CVE-2018-21010, CVE-2020-27823, CVE-2020-27824, CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27844, CVE-2020-27845,

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>CONFIRMED

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>System (kernel, glibc, systemd, bash, PAM...)

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>bugs&#64;lists.rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>y.tumanov&#64;rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>QA Contact</th>

          <td>bugs&#64;lists.rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>s.matveev&#64;rosalinux.ru, y.tumanov&#64;rosalinux.ru

          </td>

        </tr>

        <tr>

          <th>Target Milestone</th>

          <td>---

          </td>

        </tr>

        <tr>

          <th>Flags</th>

          <td>secteam_verified?

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Please patch CVEs for package openjpeg version 1.5.2

INFO (CVEs are): openjpeg 1.5.2

 cves found

CVE-2016-3182

Desc: The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before

2.1.1 allows attackers to cause a denial of service (memory corruption) via a

crafted jpeg 2000 file.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2016-3182">https://nvd.nist.gov/vuln/detail/CVE-2016-3182</a>

Severity: MEDIUM

CVE-2017-12982

Desc: The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG

2.2.0 does not reject headers with a zero biBitCount, which allows remote

attackers to cause a denial of service (memory allocation failure) in the

opj_image_create function in lib/openjp2/image.c, related to the

opj_aligned_alloc_n function in opj_malloc.c.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-12982">https://nvd.nist.gov/vuln/detail/CVE-2017-12982</a>

Severity: MEDIUM

CVE-2017-14039

Desc: A heap-based buffer overflow was discovered in the opj_t2_encode_packet

function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an

out-of-bounds write, which may lead to remote denial of service or possibly

unspecified other impact.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-14039">https://nvd.nist.gov/vuln/detail/CVE-2017-14039</a>

Severity: HIGH

CVE-2017-14164

Desc: A size-validation issue was discovered in opj_j2k_write_sot in

lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds

write, which may lead to remote denial of service (heap-based buffer overflow

affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code

execution. NOTE: this vulnerability exists because of an incomplete fix for

CVE-2017-14152.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2017-14164">https://nvd.nist.gov/vuln/detail/CVE-2017-14164</a>

Severity: HIGH

CVE-2018-21010

Desc: OpenJPEG before 2.3.1 has a heap buffer overflow in

color_apply_icc_profile in bin/common/color.c.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2018-21010">https://nvd.nist.gov/vuln/detail/CVE-2018-21010</a>

Severity: HIGH

CVE-2020-27823

Desc: A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to

pass specially crafted x,y offset input to OpenJPEG to use during encoding. The

highest threat from this vulnerability is to confidentiality, integrity, as

well as system availability.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27823">https://nvd.nist.gov/vuln/detail/CVE-2020-27823</a>

Severity: HIGH

CVE-2020-27824

Desc: A flaw was found in OpenJPEG’s encoder in the

opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who

can supply crafted input to decomposition levels to cause a buffer overflow.

The highest threat from this vulnerability is to system availability.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27824">https://nvd.nist.gov/vuln/detail/CVE-2020-27824</a>

Severity: MEDIUM

CVE-2020-27841

Desc: There's a flaw in openjpeg in versions prior to 2.4.0 in

src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be

processed by the openjpeg encoder, this could cause an out-of-bounds read. The

greatest impact from this flaw is to application availability.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27841">https://nvd.nist.gov/vuln/detail/CVE-2020-27841</a>

Severity: MEDIUM

CVE-2020-27842

Desc: There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An

attacker who is able to provide crafted input to be processed by openjpeg could

cause a null pointer dereference. The highest impact of this flaw is to

application availability.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27842">https://nvd.nist.gov/vuln/detail/CVE-2020-27842</a>

Severity: MEDIUM

CVE-2020-27843

Desc: A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows

an attacker to provide specially crafted input to the conversion or encoding

functionality, causing an out-of-bounds read. The highest threat from this

vulnerability is system availability.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27843">https://nvd.nist.gov/vuln/detail/CVE-2020-27843</a>

Severity: MEDIUM

CVE-2020-27844

Desc: A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to

2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during

conversion and encoding, causing an out-of-bounds write. The highest threat

from this vulnerability is to confidentiality, integrity, as well as system

availability.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27844">https://nvd.nist.gov/vuln/detail/CVE-2020-27844</a>

Severity: HIGH

CVE-2020-27845

Desc: There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to

2.4.0. If an attacker is able to provide untrusted input to openjpeg's

conversion/encoding functionality, they could cause an out-of-bounds read. The

highest impact of this flaw is to application availability.

Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-27845">https://nvd.nist.gov/vuln/detail/CVE-2020-27845</a>

Severity: MEDIUM</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the QA Contact for the bug.</li>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>