Bug 13287

Summary: [CVE 21] openjpeg 1.5.2 CVEs found
Product: [ROSA-based products] ROSA Fresh Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)Assignee: ROSA Linux Bugs <bugs>
Status: VERIFIED FIXED QA Contact: ROSA Linux Bugs <bugs>
Severity: normal    
Priority: Normal CC: a.proklov, e.malashin, s.matveev, v.potapov, y.tumanov
Version: AllFlags: v.potapov: qa_verified+
y.tumanov: secteam_verified+
a.proklov: published+
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: CVE-2016-3182
Whiteboard:
Platform: 2021.1 ROSA Vulnerability identifier:
RPM Package: ISO-related:
Bad POT generating: Upstream:

Description Yury 2023-05-03 18:01:20 MSK 
Please patch CVEs for package openjpeg version 1.5.2
  
INFO (CVEs are): openjpeg 1.5.2
 cves found
CVE-2016-3182
Desc: The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG before 2.1.1 allows attackers to cause a denial of service (memory corruption) via a crafted jpeg 2000 file.
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-3182
Severity: MEDIUM
CVE-2017-12982
Desc: The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG 2.2.0 does not reject headers with a zero biBitCount, which allows remote attackers to cause a denial of service (memory allocation failure) in the opj_image_create function in lib/openjp2/image.c, related to the opj_aligned_alloc_n function in opj_malloc.c.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-12982
Severity: MEDIUM
CVE-2017-14039
Desc: A heap-based buffer overflow was discovered in the opj_t2_encode_packet function in lib/openjp2/t2.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly unspecified other impact.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-14039
Severity: HIGH
CVE-2017-14164
Desc: A size-validation issue was discovered in opj_j2k_write_sot in lib/openjp2/j2k.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service (heap-based buffer overflow affecting opj_write_bytes_LE in lib/openjp2/cio.c) or possibly remote code execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-14152.
Link: https://nvd.nist.gov/vuln/detail/CVE-2017-14164
Severity: HIGH
CVE-2018-21010
Desc: OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-21010
Severity: HIGH
CVE-2020-27823
Desc: A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27823
Severity: HIGH
CVE-2020-27824
Desc: A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27824
Severity: MEDIUM
CVE-2020-27841
Desc: There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27841
Severity: MEDIUM
CVE-2020-27842
Desc: There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27842
Severity: MEDIUM
CVE-2020-27843
Desc: A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27843
Severity: MEDIUM
CVE-2020-27844
Desc: A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27844
Severity: HIGH
CVE-2020-27845
Desc: There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-27845
Severity: MEDIUM
Comment 1 Aleksandr Proklov 2023-05-17 12:51:01 MSK 
fix CVE-2016-3182
все последующие не закрыть т.к. относятся к версии openjpeg2 а она у нас уже обновлена

https://abf.io/build_lists/4440897
https://abf.io/build_lists/4440898
https://abf.io/build_lists/4440899
https://abf.io/build_lists/4440900
https://abf.io/build_lists/4440901
Comment 2 e.malashin@rosalinux.ru 2023-05-17 16:43:13 MSK 
The update sent to testings
Comment 3 Vladimir Potapov 2023-05-30 18:19:15 MSK 
openjpeg-1.5.2-7
https://abf.io/build_lists/4440897
https://abf.io/build_lists/4440898
https://abf.io/build_lists/4440899
https://abf.io/build_lists/4440900
https://abf.io/build_lists/4440901
************************ Advisory ********************
fix CVE-2016-3182
******************************************************
QA Verified
Comment 4 Yury 2023-07-25 16:35:10 MSK 
Secteam Verified