【CESA-2017:0838】An update for openjpeg is now available for Red Hat Enterprise Linux 7

CESA-2017:0838

An update for openjpeg is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

OpenJPEG is an open source library for reading and writing image files in
JPEG2000 format.

Security Fix(es):

* Multiple integer overflow flaws, leading to heap-based buffer overflows, were
found in OpenJPEG. A specially crafted JPEG2000 image could cause an application
using OpenJPEG to crash or, potentially, execute arbitrary code. (CVE-2016-5139,
CVE-2016-5158, CVE-2016-5159, CVE-2016-7163)

* An out-of-bounds read vulnerability was found in OpenJPEG, in the j2k_to_image
tool. Converting a specially crafted JPEG2000 file to another format could cause
the application to crash or, potentially, disclose some data from the heap.
(CVE-2016-9573)

* A heap-based buffer overflow vulnerability was found in OpenJPEG. A specially
crafted JPEG2000 image, when read by an application using OpenJPEG, could cause
the application to crash or, potentially, execute arbitrary code.
(CVE-2016-9675)

Red Hat would like to thank Liu Bingchang (IIE) for reporting CVE-2016-9573. The
CVE-2016-9675 issue was discovered by Doran Moppert (Red Hat Product Security).

Bugs Fixed

1363982 – CVE-2016-5139 chromium-browser, openjpeg: Heap overflow in parsing of JPEG2000 precincts
1372219 – CVE-2016-5158 chromium-browser, openjpeg: heap overflow due to unsafe use of opj_aligned_malloc
1372220 – CVE-2016-5159 chromium-browser, openjpeg: heap overflow in parsing of JPEG2000 code blocks
1374329 – CVE-2016-7163 openjpeg: Integer overflow in opj_pi_create_decode
1382202 – CVE-2016-9675 openjpeg: incorrect fix for CVE-2013-6045
1402711 – CVE-2016-9573 openjpeg: heap out-of-bounds read due to insufficient check in imagetopnm()