aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:44:28Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/7827[3.5] openjpeg: Multiple vulnerabilities (CVE-2017-14039, CVE-2017-14040, CVE...2019-07-23T11:44:28ZAlicha CH[3.5] openjpeg: Multiple vulnerabilities (CVE-2017-14039, CVE-2017-14040, CVE-2017-14041, CVE-2017-14151, CVE-2017-14152, CVE-2017-14164)CVE-2017-14039: heap-based buffer overflow in opj\_t2\_encode\_packet
---------------------------------------------------------------------
A heap-based buffer overflow was discovered in the
opj\_t2\_encode\_packet function in lib/openj...CVE-2017-14039: heap-based buffer overflow in opj\_t2\_encode\_packet
---------------------------------------------------------------------
A heap-based buffer overflow was discovered in the
opj\_t2\_encode\_packet function in lib/openjp2/t2.c in OpenJPEG
2.2.0.
The vulnerability causes an out-of-bounds write, which may lead to
remote denial of service or possibly unspecified other impact.
### References:
https://github.com/uclouvain/openjpeg/issues/992
https://nvd.nist.gov/vuln/detail/CVE-2017-14039
### Patch:
https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
CVE-2017-14040: invalid memory write in tgatoimage
--------------------------------------------------
An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG
2.2.0, triggering a crash in the tgatoimage function.
The vulnerability may lead to remote denial of service or possibly
unspecified other impact.
### References:
https://github.com/uclouvain/openjpeg/issues/995
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
### Patch:
https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
CVE-2017-14041: Stack-based buffer over-write in pgxtoimage function in bin/jp2/convert.c
-----------------------------------------------------------------------------------------
A stack-based buffer overflow was discovered in the pgxtoimage
function
in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an
out-of-bounds write, which may lead to remote denial of service or
possibly remote code execution.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14041
https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
### Patch:
https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
CVE-2017-14151: heap-based buffer overflow in opj\_mqc\_flush
-------------------------------------------------------------
An off-by-one error was discovered in
opj\_tcd\_code\_block\_enc\_allocate\_data in lib/openjp2/tcd.c in
OpenJPEG 2.2.0.
The vulnerability causes an out-of-bounds write, which may lead to
remote denial of service (heap-based buffer overflow
affecting opj\_mqc\_flush in lib/openjp2/mqc.c and opj\_t1\_encode\_cblk
in lib/openjp2/t1.c) or possibly remote code execution.
### References:
http://openwall.com/lists/oss-security/2017/09/06/1
### Patch:
https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
CVE-2017-14152: heap-based buffer overflow in opj\_write\_bytes\_LE
-------------------------------------------------------------------
A mishandled zero case was discovered in
opj\_j2k\_set\_cinema\_parameters in lib/openjp2/j2k.c in OpenJPEG
2.2.0.
The vulnerability causes an out-of-bounds write, which may lead to
remote denial of service (heap-based buffer overflow
affecting opj\_write\_bytes\_LE in lib/openjp2/cio.c and
opj\_j2k\_write\_sot in lib/openjp2/j2k.c) or possibly remote code
execution.
### References:
http://openwall.com/lists/oss-security/2017/09/06/2
### Patch:
https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
CVE-2017-14164: heap-based buffer overflow in opj\_write\_bytes\_LE (cio.c)
---------------------------------------------------------------------------
A size-validation issue was discovered in opj\_j2k\_write\_sot in
lib/openjp2/j2k.c in OpenJPEG 2.2.0.
The vulnerability causes an out-of-bounds write, which may lead to
remote denial of service (heap-based buffer
overflow affecting opj\_write\_bytes\_LE in lib/openjp2/cio.c) or
possibly remote code execution.
**NOTE:** this vulnerability exists because of an incomplete fix for
CVE-2017-14152.
### References:
http://openwall.com/lists/oss-security/2017/09/06/3
### Patch:
https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
*(from redmine: issue id 7827, created on 2017-09-14, closed on 2019-05-04)*
* Relations:
* parent #78243.5.4Francesco ColistaFrancesco Colista