Date: Wed, 30 Aug 2017 07:33:28 +0000
From: winsonliu(刘科) <winsonliu@...cent.com>
To: Vladis Dronov <vdronov@...hat.com>, "oss-security@...ts.openwall.com"
	<oss-security@...ts.openwall.com>, Alan Coopersmith
	<alan.coopersmith@...cle.com>
CC: cve-assign <cve-assign@...re.org>
Subject: RE: CVE Request: Multiple security issues in OpenJPEG

Hello,

CVE-2016-10504 ~ 10507 have been assigned to these issues.

Regards,
Ke

> [Suggested description]
> Heap-based buffer overflow vulnerability in the opj_mqc_byteout 
> function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to 
> cause a denial of service (application crash) via a crafted bmp file.
> 
> ------------------------------------------
> 
> [Vulnerability Type]
> Buffer Overflow
> 
> ------------------------------------------
> 
> [Vendor of Product]
> OpenJPEG
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> OpenJPEG - before 2.2.0
> 
> ------------------------------------------
> 
> [Affected Component]
> executable file: opj_compress, function: opj_mqc_byteout, file: mqc.c
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> via a crafted bmp file
> 
> ------------------------------------------
> 
> [Reference]
> https://github.com/uclouvain/openjpeg/issues/835
> https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
> 
> ------------------------------------------
> 
> [Has vendor confirmed or acknowledged the vulnerability?] true
> 
> ------------------------------------------
> 
> [Discoverer]
> Ke Liu of Tencent's Xuanwu LAB

Use CVE-2016-10504.


> [Suggested description]
> NULL pointer dereference vulnerabilities in the imagetopnm function in 
> convert.c, sycc444_to_rgb function in color.c, color_esycc_to_rgb 
> function in color.c, and sycc422_to_rgb function in color.c in 
> OpenJPEG before 2.2.0 allow remote attackers to cause a denial of 
> service (application crash) via crafted j2k files.
> 
> ------------------------------------------
> 
> [VulnerabilityType Other]
> Null pointer dereference
> 
> ------------------------------------------
> 
> [Vendor of Product]
> OpenJPEG
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> OpenJPEG - before 2.2.0
> 
> ------------------------------------------
> 
> [Affected Component]
> executable file: opj_decompress, function: imagetopnm, sycc444_to_rgb, 
> color_esycc_to_rgb, sycc422_to_rgb, file: color.c, convert.c
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> via crafted j2k files
> 
> ------------------------------------------
> 
> [Reference]
> https://github.com/uclouvain/openjpeg/issues/776
> https://github.com/uclouvain/openjpeg/issues/784
> https://github.com/uclouvain/openjpeg/issues/785
> https://github.com/uclouvain/openjpeg/issues/792
> 
> ------------------------------------------
> 
> [Has vendor confirmed or acknowledged the vulnerability?] true
> 
> ------------------------------------------
> 
> [Discoverer]
> Ke Liu of Tencent's Xuanwu LAB

Use CVE-2016-10505.


> [Suggested description]
> Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, 
> opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before
> 2.2.0 allow remote attackers to cause a denial of service (application 
> crash) via crafted j2k files.
> 
> ------------------------------------------
> 
> [VulnerabilityType Other]
> division-by-zero
> 
> ------------------------------------------
> 
> [Vendor of Product]
> OpenJPEG
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> OpenJPEG - before 2.2.0
> 
> ------------------------------------------
> 
> [Affected Component]
> executable file: opj_decompress, function: opj_pi_next_cprl, 
> opj_pi_next_pcrl, opj_pi_next_rpcl, file: pi.c
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> via crafted j2k files
> 
> ------------------------------------------
> 
> [Reference]
> https://github.com/uclouvain/openjpeg/issues/731
> https://github.com/uclouvain/openjpeg/issues/732
> https://github.com/uclouvain/openjpeg/issues/777
> https://github.com/uclouvain/openjpeg/issues/778
> https://github.com/uclouvain/openjpeg/issues/779
> https://github.com/uclouvain/openjpeg/issues/780
> https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
> 
> ------------------------------------------
> 
> [Has vendor confirmed or acknowledged the vulnerability?] true
> 
> ------------------------------------------
> 
> [Discoverer]
> Ke Liu of Tencent's Xuanwu LAB

Use CVE-2016-10506.


> [Suggested description]
> Integer overflow vulnerability in the bmp24toimage function in 
> convertbmp.c in OpenJPEG before 2.2.0 allows remote attackers to cause 
> a denial of service (heap-based buffer over-read and application crash) via a crafted bmp file.
> 
> ------------------------------------------
> 
> [Vulnerability Type]
> Integer Overflow
> 
> ------------------------------------------
> 
> [Vendor of Product]
> OpenJPEG
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> OpenJPEG - before 2.2.0
> 
> ------------------------------------------
> 
> [Affected Component]
> executable file: opj_compress, function: bmp24toimage, file: 
> convertbmp.c
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> via a crafted bmp file
> 
> ------------------------------------------
> 
> [Reference]
> https://github.com/uclouvain/openjpeg/issues/833
> https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8
> 
> ------------------------------------------
> 
> [Has vendor confirmed or acknowledged the vulnerability?] true
> 
> ------------------------------------------
> 
> [Discoverer]
> Ke Liu of Tencent's Xuanwu LAB

Use CVE-2016-10507.

-----Original Message-----
From: winsonliu
Sent: August 30, 2017 10:48
To: 'Vladis Dronov' <vdronov@...hat.com>; 'oss-security@...ts.openwall.com' <oss-security@...ts.openwall.com>; 'Alan Coopersmith' <alan.coopersmith@...cle.com>
Cc: 'cve-assign' <cve-assign@...re.org>
Subject: RE: [oss-security] CVE Request: Multiple security issues in OpenJPEG

Hello,

I've already submitted these issues to https://cveform.mitre.org/ . As expected, four CVE numbers will be assigned since some of them have the same root cause.

Regards,
Ke

-----Original Message-----
From: winsonliu
Sent: August 25, 2017 20:16
To: 'Vladis Dronov' <vdronov@...hat.com>; 'oss-security@...ts.openwall.com' <oss-security@...ts.openwall.com>; 'Alan Coopersmith' <alan.coopersmith@...cle.com>
Cc: 'cve-assign' <cve-assign@...re.org>
Subject: RE: [oss-security] CVE Request: Multiple security issues in OpenJPEG

Hello,

I'll submit them to cveform next week. And I'll update this thread when more information is available.

Regards,
Ke

-----Original Message-----
From: winsonliu 
Sent: August 24, 2017 9:26
To: 'Vladis Dronov' <vdronov@...hat.com>; oss-security@...ts.openwall.com; 'Alan Coopersmith' <alan.coopersmith@...cle.com>
Cc: cve-assign <cve-assign@...re.org>
Subject: RE: [oss-security] CVE Request: Multiple security issues in OpenJPEG

I'm afraid no CVEs were assigned. At least I did not submit these issues to https://cveform.mitre.org/ 

Regards,
Ke

-----Original Message-----
From: Vladis Dronov [mailto:vdronov@...hat.com] 
Sent: August 23, 2017 19:53
To: oss-security@...ts.openwall.com
Cc: winsonliu <winsonliu@...cent.com>; cve-assign <cve-assign@...re.org>
Subject: Re: [oss-security] CVE Request: Multiple security issues inOpenJPEG(Internet mail)

> Most of these seem to be fixed now in OpenJPEG's recent 2.2.0 release.
> Did CVE id's ever get assigned for them?

If no one reported them and requested CVE-ids via https://cveform.mitre.org/ then I suppose not, no CVE-ids were assigned.

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
