** Also affects: openjpeg2 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openjpeg in Ubuntu.
https://bugs.launchpad.net/bugs/1630702
Title:
CVE-2016-8332 allows an out-of-bound heap write to occur resulting in
heap corruption and arbitrary code execution
Status in openjpeg package in Ubuntu:
New
Status in openjpeg2 package in Ubuntu:
New
Bug description:
A security vulnerability was recently disclosed in openjpeg and
assigned the CVE number of CVE-2016-8332.
The vulnerability is described here (http://www.zdnet.com/article
/openjpeg-zero-day-flaw-leads-to-remote-code-execution/):
"
Cisco Talos researchers have uncovered a severe zero-day flaw in the OpenJPEG
JPEG 2000 codec which could lead to remote code execution on compromised
systems.
On Friday, researchers from Cisco revealed the existence of the zero-
day flaw in the JPEG 2000 image file format parser implemented in
OpenJPEG library. The out-of-bounds vulnerability, assigned as
CVE-2016-8332, could allow an out-of-bound heap write to occur
resulting in heap corruption and arbitrary code execution.
OpenJPEG is an open-source JPEG 2000 codec. Written in C, the software
was created to promote JPEG 2000, an image compression standard which
is in popular use and is often used for tasks including embedding
images within PDF documents through software including Poppler, MuPDF
and Pdfium.
The bug, assigned a CVSS score of 7.5, was caused by errors in parsing
mcc records in the jpeg2000 file, resulting in "an erroneous read and
write of adjacent heap area memory." If manipulated, these errors can
lead to heap metadata process memory corruption.
In a security advisory, the team said the security vulnerability can
be exploited by attackers if victims open specifically crafted,
malicious JPEG 2000 images. For example, if this content was within a
phishing email or hosted on legitimate services such as Google Drive
or Dropbox, once downloaded to their system, the path is created for
attackers to execute code remotely.
The vulnerability was discovered by Aleksander Nikolic from the Cisco
Talos security team in OpenJpeg openjp2 version 2.1.1.
Cisco Talos disclosed the vulnerability to affected vendors on 26 July,
granting them time to prepare patches to fix the problem before public release.
"
I am filing this report as a fix for the issue doesn't seem to have
yet been backported in and given the importance of the issue and the
ease in exploiting it, it would be good if this is done soon.
This is the fix on GitHub:
https://github.com/uclouvain/openjpeg/pull/820/files
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjpeg/+bug/1630702/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
